White House implores businesses to strengthen ransomware defence

The White House has urged US businesses to bolster their cyber defences in the wake of audacious ransomware attacks that have disrupted critical supply chains run by large companies.

“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defences match the threat,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, wrote in a memo on Thursday to business leaders.

Ransomware hackers typically paralyse a target’s computer networks or take its data until they are paid. The groups have launched increasingly bold attacks on businesses and infrastructure that are central to the US economy.

Last month, hackers extracted a ransom of more than $4m after attacking the Colonial Pipeline that connects Texas to the northeastern US. The incident interrupted fuel flows and caused petrol shortages in some locations.

This week, systems at JBS, the Brazilian meat processing company with extensive operations in the US, were also infected by ransomware, forcing slaughterhouses to cancel work shifts.

We need the government to meet us halfway

Biden administration officials and the companies believe the two attacks came from Russia, and the US president is expected to raise the issue during his Geneva summit with Russian counterpart Vladimir Putin later this month. Neuberger said the problem was global and escalating.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organisations and the American public. The US government is working with countries around the world to hold ransomware actors and the countries who harbour them accountable, but we cannot fight the threat posed by ransomware alone,” Neuberger said.

Washington and the business community have been discussing closer co-ordination on cyber threats since the years of the Obama administration. 

In January, the Business Roundtable greeted Biden’s inauguration by calling on the federal government to implement a cyber strategy that included modernising government defences, promoting global co-operation on deterrence and improving collaboration between private and government entities. 

The US Chamber of Commerce has similarly called for better intelligence sharing between the public and private sectors, warning that network breaches by foreign actors have the potential to pose “a far more sinister threat to our economy and critical infrastructure”. 

The growing frequency and severity of cyber attacks is increasing the costs companies pay to insure against them. Premiums had jumped 27 per cent by mid-May from last year’s levels, according to Aon, the insurance broker. 

Jamie Dimon, chief executive of JPMorgan Chase, testified to the US Senate banking committee last month that the bank spent over $700m each year to enhance its resilience but warned that the attacks were increasing in number and sophistication.

“This is a serious national security concern that requires partnership and collaboration to address,” he said, adding: “We need the government to meet us halfway and provide dedicated national security resources to collaborate with critical infrastructure companies and defend the national interest from cyber attacks.”