US Energy Secretary Jennifer Granholm has said in an interview with CNN that companies need to alert the federal government when they are targeted and stop paying attackers.
“You shouldn’t be paying ransomware attacks, because it only encourages the bad guys,” she said.
While she opposes ransomware payments, she said she is uncertain whether President Biden or Congress is prepared to outlaw them.
Her comments follow a flurry of high profile ransomware attacks on US corporates in recent week, most notably the May attack on Colonial Pipeline, which created temporary fuel shortages and led to the company paying the $4.4mn ransom demand.
US officials are also asking business to be more vigilant and transparent about cyber-attacks. “Part of our vulnerability on cybersecurity is you’re only as strong as your weakest link,” said Transportation Secretary Pete Buttigieg.
Companies should be required to report ransomware attacks, Democratic Senator Mark Warner from Virginia said on Sunday (6 May), though he stopped short of saying he supported making such payments illegal.
Also speaking over the weekend, US Commerce Secretary Gina Raimondo said the Biden administration is looking at “all of the options,” to defend the country against ransomware criminals, when asked if military action was being considered.
Raimondo did not detail what those options could look like, but said the topic will be on the agenda when the president meets with Russian President Vladimir Putin this month.
The rising threat of cyberattacks has pushed the Biden administration into a more aggressive stance against Russia, which is thought to be harbouring some of the perpetrators.
“We’re not taking anything off the table as we think about possible repercussions, consequences or retaliation,” Raimondo said.
The White House plans to use the 16 June summit to deliver a clear message to the Russian leader, officials say.
A next step could be destabilisation of the computer servers used to carry out such hacks, according to reports.
Last weekend, the world’s largest meatpacker was targeted by cybercriminals and in May, the largest fuel pipeline in the United States was attacked, stoking fears over supply disruptions of food and fuel.
US adversaries have the ability to shut down the country’s entire power grid, Energy Secretary Jennifer Granholm said separately in an interview with CNN, noting “thousands of attacks on all aspects of the energy sector”.
Only last weekend the Australian and North American units of the world’s largest meat processor, Brazil’s JBS, were hit by a co-ordinated attack on its information systems. The cyber-attack caused its Australian operations to shut down temporarily.
The attack follows a series of other hacks in recent weeks, with reported attacks on insurers CNA and Axa; Toshiba; and the Irish health service.