The Biden administration backed away from the idea of banning ransomware payments after meetings with the private sector and cybersecurity experts, a top cybersecurity official said Wednesday.
“Initially, I thought that was a good approach,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said at an Aspen Security Forum event. “We know that ransom payments are driving this ecosystem.”
Experts, including former government officials serving on a non-profit ransomware task force, helped shift that view, following high-profile hacks against Colonial Pipeline, the food production company JBS and Kaseya, a Florida-based IT firm. Payments from the Colonial Pipeline and JBS attacks totaled more than $15 million, a number that likely represents a fraction of the funds sent to extortionists.
“We heard loud and clear from many that the state of resilience is inadequate, and as such, if we banned ransom payments we would essentially drive even more of that activity underground and lose insight into it that will enable us to disrupt it,” she said.
Part of disruption efforts includes ongoing work to gain transparency into cryptocurrency networks, which have become a popular means of payment for cybercriminals. Neuberger said the National Security Council is working with other members of an interagency task force to examine regulations and protections that would enable better tracking of payments.
“Our driving goal is rapid tracing and really the strengthening of domestic and international virtual currency regulatory environments to enable that,” she said. “One big part of it is also building in those types of protections in the design of new virtual currencies and addressing that in a way that we can both have the innovation, and not have a broad illicit use that’s driving criminal activity.”
Neuberger’s comments follow remarks by U.S. Securities and Exchange Commission chairman Gary Gensler on Tuesday calling for better oversight of the industry. Gensler said he is seeking additional Congressional authorities to undertake such a mission. The White House is currently exploring solutions within existing authorities and regulations but has not ruled out the need for more, Neuberger said.
Neuberger also spoke to the United States’ ongoing relations with Russia and international allies about stopping ransomware attacks. She called Biden’s discussions with Russian President Vladimir Putin about U.S. expectations regarding ransomware “an important step.” She says that a working group with Russian officials on cybersecurity matters is ongoing.
When asked about a recent interview with an alleged member of a new ransomware group BlackMatter by cybersecurity firm Recorded Future, Neuberger said the interview provided “remarkable insights.” The unverified BlackMatter member said the group planned to avoid targeting critical infrastructure and attracting unwanted attention from the U.S.
“We think we’re seeing a commitment, and we will look to see the action to follow up on that commitment,” Neuberger said.