Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official said on Tuesday.
Anne Neuberger, the deputy national security adviser, said that a joint FBI, U.S. Cyber Command and private sector effort to cripple the Trickbot botnet, a hacking tool that U.S. officials had feared would disrupt the 2020 election season, should be the kind of operation used to tackle ransomware gangs in the future.
“Certainly that serves as a model to say where we identify actors and infrastructure that are used … to conduct ransomware attacks, we want to ensure that we make it a lot harder for those actors to operate,” Neuberger said at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank.
In advance of the 2020 election, Cyber Command and Microsoft led missions to weaken Trickbot, an infected network of computers. Out of fear that hackers could deploy Trickbot to launch ransomware attacks to inhibit election-supporting IT systems, Microsoft obtained a court order to take over command-and-control servers, while Cyber Command conducted a disruption operation, about which fewer details are publicly available.
But before law enforcement can fully target ransomware gangs, the U.S. government needs more “visibility” into their activity, Neuberger said. That includes considering whether to prohibit companies from keeping ransomware payments secret.
“That is a key issue we’re looking at right now,” Neuberger said. “We don’t have adequate insight into the breadth of ransomware that’s occurring because of that issue.”
Neuberger made her remarks as the Biden administration has undertaken a number of initiatives to crack down on ransomware, following the high-profile attacks on Colonial Pipeline and meat supplier JBS. Among them is conducting a ransomware review that includes a focus on disrupting attackers, building an international coalition, studying the U.S. government’s policies and expanding analysis of cryptocurrency given attackers’ use of it to receive payments.
The administration is wary of banning ransomware payments entirely, something Neuberger called a “difficult policy position” that could harm companies who feel they have to pay up to decrypt their networks, even if the U.S. government discourages such payments.
It’s “one of the toughest among them, and has to really be approached with a lot of careful thought, thinking second- and third-order effects,” Neuberger said.
Addressing another subject, Neuberger said the administration would be attributing who was behind the Microsoft Exchange Server hack and taking action against the perpetrators “in the coming weeks.” National Security Adviser Jake Sullivan said in March that the administration would do so “in the near future.”
Microsoft had previously blamed a group of suspected Chinese hackers it dubbed Hafnium.