WASHINGTON — The White House is urging private companies to take “immediate steps” to better protect themselves against ransomware attacks following a pair of high-profile episodes in which hackers, allegedly located in Russia, targeted a major oil pipeline company and a meat supplier with operations in the United States.
In an open letter to “corporate executives and business leaders,” the National Security Council’s top cyber official said strengthening the nation’s resistance to cyberattacks is a top priority for President Biden. But she also stressed that “the private sector has a distinct and key responsibility.”
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said in the letter, dated Wednesday. “But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy.”
The letter, which The Washington Post obtained from the White House, suggests a half-dozen steps that companies should take, including backing up their data, segmenting their networks and testing an incident response plan.
The letter follows a ransomware attack last month on Colonial Pipeline, followed by an attack disclosed over the weekend on JBS, a global meat supplier with operations in the United States.
On Wednesday, the FBI attributed the attack to a Russian-linked group known as both REvil and Sodinokibi. The disruption in meat supplies came as consumers already are paying more for steaks, chops and roasts because of the pandemic.
“The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,” Neuberger said in the letter.
Speaking Thursday at a briefing for reporters, White House press secretary Jen Psaki repeated earlier advice to companies not to pay ransom when attacked.
“Our guidance continues to be from the FBI that companies should not pay ransom because it incentivizes these attacks on other companies,” she said.
Biden plans to discuss Russia’s role in policing “ransomware criminals” within its borders when he holds a summit June 16 with Russian President Vladimir Putin, Psaki said Wednesday.
“There will be an opportunity for the president to discuss this directly with President Putin, to reiterate the fact that we believe that responsible states do not harbor ransomware criminals,” Psaki told reporters during a White House briefing. “We will continue to be in touch with Moscow. We will continue to make the case that responsible countries need to take decisive action against ransomware networks.”
Asked how the United States might respond, Psaki said, “We’re not taking options off the table.”
Comments are not available on this story. Read more about why we allow commenting on some stories and not on others.
We believe it's important to offer commenting on certain stories as a benefit to our readers. At its best, our comments sections can be a productive platform for readers to engage with our journalism, offer thoughts on coverage and issues, and drive conversation in a respectful, solutions-based way. It's a form of open discourse that can be useful to our community, public officials, journalists and others.
We do not enable comments on everything — exceptions include most crime stories, and coverage involving personal tragedy or sensitive issues that invite personal attacks instead of thoughtful discussion.
You can read more here about our commenting policy and terms of use. More information is also found on our FAQs.
Show less