The FBI’s Director Compares Ransomware Threat to 9/11
Ransomware was on everyone’s mind again this week as the world’s largest meat processing company, JBS SA, faced an attack that crippled its operations in Australia and North America. The company was able to restore operations in just a few days, but the situation underscored once again ransomware’s dire threat to supply chains and critical infrastructure worldwide.
Researchers are going deeper on investigations of Apple’s recently released custom processor, M1, and they’re finding all sorts of fascinating behavior and dynamics. And in the world of election security, Microsoft took a big step this week with the announcement that major voting machine vendor Hart InterCivic is incorporating the tech company’s open source ElectionGuard software into its existing devices. Hart’s first goal is to conduct a real-world pilot of ElectionGuard’s “end-to-end verifiable” voting.
Ransomware is certainly the digital attack of the moment, but take a few minutes this weekend to brush up on supply chain attacks. It’s another notorious (and more ingenious) type of hack that’s had plenty of moments in the sun, from NotPetya to SolarWinds, and will inevitably resurface again.
But wait, there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.
After a series of high-profile ransomware attacks that disrupted critical services in the US, the Department of Justice said this week that it is prioritizing ransomware investigations at a level similar to terrorism inquiries. The news was first reported by Reuters. “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principle associate deputy attorney general.
Meanwhile, FBI director Christopher Wray told The Wall Street Journal that the agency is currently tracking roughly 100 different types of ransomware. Many of the strains have ties to criminal hackers in Russia. Wray said the threat and challenge currently posed by ransomware is similar in scale to that of the terrorist attacks of September 11, 2001. “There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray said. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
The White House also issued an alert to businesses this week from Anne Neuberger, deputy assistant to the president and deputy national security adviser for cyber and emerging technologies. The unusual letter outlined information, best practices, and resources for defending against ransomware attacks and responding to them if they occur.
In January, WhatsApp updated its terms of use and privacy policy, mostly to cover new aspects of its business offerings. But the changes caused significant backlash, because they inadvertently highlighted the app’s years-old policy of sharing certain user data, like phone numbers, with parent company Facebook. WhatsApp apparently feels that the toothpaste is already out of the tube on that data sharing, but the company did move the deadline for users to accept the policy from February to May. If you didn’t accept after that, the app was slated to enter a period of decline until it would eventually become unusable.