NSA director expects facing ransomware attacks "every single day" in five years

Key Points

• NSA director said the U.S. expects ransomware attacks to happen “every single day” within the next five years

• Biden to meet Counter-Ransomware Initiative, an informal group of 30 countries, later this month to discuss and prevent future cyberthreats

• The administration is planning to improve law enforcement collaboration on the illicit use of cryptocurrency

The director of the U.S. National Security Agency (NSA) on Tuesday said he expects ransomware attacks to happen “every single day” within the next five years, and to mitigate the threat, attacks have to be constant.

“We are persistently engaged, and being persistently engaged, you have unique insights that you can develop. You have unique capabilities you can bring forward. There are matters upon which you can engage your adversaries,” Paul Nakasone, NSA director, said at the cybersecurity firm Mandiant’s Cyber Defense Summit. “I think if you leave that, then your adversaries have determined in due course what they are going to do.”

President Joe Biden on Friday said he will meet with officials from 30 countries later this month to combat the growing threat of ransomware and other cybercrime.

The White House National Security Council will host an online session to “improving law enforcement collaboration” on issues like “the illicit use of cryptocurrency.”

While talking about how to combat ransomware attacks, at the summit, Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger said that the 30 countries will have to come together “with four lines of effort around cryptocurrency, resilience, disruption, and diplomacy.”

Nakasone said that partnerships are essential to achieve outcomes, either by bolstering defenses or disrupting adversary activities.

He also mentioned that Cyber Command and NSA are “focusing on sharing insights at an unclassified level, creating new environments and spaces both physically and virtually for unclassified collaboration, and working with companies to convey that we are from the government and we’re here to help.”

Read More: Decrypting ransomware: Weapons-grade or casual attacks?

Cyberattacks, a new form of warfare

The Biden administration has elevated the response to cyber threats to the senior-most levels of the administration following multiple attacks this year that threatened to destabilize U.S. energy and food supplies.

High-profile attacks on Colonial Pipeline, which provides 45% of the East Coast’s fuel, on meat producer JBS USA, and on IT company Kaseya, which ultimately affected nearly 1,500 companies, have shaken the nation.

While ransomware attacks are nothing new, they have become popular instruments over the past year during the COVID-19 pandemic, with cybercriminals going after vulnerable targets such as schools and hospitals to gain access to encrypted data and the targets are more likely to pay to regain access to the systems quickly.

JBS and Colonial Pipeline paid the cybercriminals in Bitcoin worth $11 million and $5 million, respectively, to regain access.

Currently, the Biden administration hopes that the Counter-Ransomware Initiative, the new informal group of 30 countries, will bolster their diplomatic push that has included direct talks with Russia as well as the NATO alliance and Group of Seven (G7) wealthy nations.

Although it was not immediately apparent which countries would participate or when exactly it would take place, the meeting would address “the misuse of virtual currency to launder ransom payments” and intend to “investigate and prosecute ransomware criminals,” many of who are anonymous and attack institutions in other countries.