Chris Butera, head of Threat Hunting for the Cybersecurity and Infrastructure Security Agency (CISA), said ransomware has “continued to increase, especially in our state, local governments, as well as our critical instructor space.”
“The ransomware actors have become more brazen,” he said during a virtual summit Wednesday. “They’ve started to exfiltrate data and try to extort payments.”
“I do think we will continue to see that happen,” Butera said, adding cybersecurity is a “primary priority” for the U.S. government.
Ransomware attacks have increasingly targeted American interests, most recently shutting down U.S. meat plants affiliated with the world’s largest meatpacker, Brazil-based JBS, earlier this week.
Butera said the government does not encourage companies to pay out ransoms on cyber-attacks but said the administration “understands” if private companies disagree.
“The government does not advocate paying ransoms,” Butera said. “But we do understand that it is a significant, difficult decision for some of these organizations when they are put under the gun to try to manage their business operations during these times.”
The Biden administration’s stance on handling ransomware aligns with the government’s traditional attitude when it comes to paying ransom to any criminal or terrorist group.
“This is a continuation of U.S. policy,” Resident Fellow for the American Enterprise Institute (AEI) Klon Kitchen told Fox News. “We have always encouraged companies not to pay ransom, because it encourages future attacks.”
Kitchen pointed to the monumental consequences private companies face when targeted by ransomware, including significant financial loss and potentially devastating shortages for consumers.
But according to Kitchen, there are two major problems that arise once a ransom is paid. There is no guarantee a ransomer will unlock what they are holding hostage once payment is submitted, and the payment sets a precedent that could encourage other groups to engage in ransomware.
“U.S. policy needs to more directly engage with ransomware,” the technology and national security-focused fellow urged. “We need to change the political calculus of foreign governments who allow ransomware attackers to operate with impunity within their borders.”
The White House has attributed the attacks on JBS and the East Coast’s Colonial pipeline – which struck the largest U.S. fuel pipeline last month – to criminal organizations within Russia.
Biden is expected to address the attacks with Russian President Vladimir Putin in the June 16 summit in Geneva, White House officials announced Wednesday.
But the president has so far not said the Kremlin has had any affiliation with the ransomware attacks.
“It’s time for the United States to start putting heads on spikes when it comes to confronting and dismantling ransomware groups,” Kitchen said.
“If President Biden does not confront Vladimir Putin about the ransomware groups perpetrating from within Russia, he will be failing in his duty to protect the United States from these types of attacks,” he added.
Jake Gibson and Matthew London contributed to this report.