The White House declined to weigh in Monday on whether companies that are hacked like Colonial Pipeline should pay ransom to their attackers, but a national security official said it may offer some advice in the future.
Anne Neuberger, deputy national security adviser for cyber, told reporters that the FBI has been tracking the ransomware group blamed in the attack, DarkSide, since at least October.
The U.S. intelligence community is investigating whether the Colonial Pipeline hackers have ties to the Russian government or other nation states, Neuberger said.
A news release issued in the name of DarkSide said its goal was to make money and not create problems for society.
As to whether the U.S. government was advising Colonial on whether to pay a ransom, Neuberger said: “Typically that is a private-sector decision and the administration has not offered further advice at this time.”
“Given the rise in ransomware, that is one area we are definitely looking at now, to say what should be the government’s approach,” she said.
Whether targets of such attacks should pay to regain control of their systems is a matter of fierce debate. Critics including the U.S. Conference of Mayors and many security industry veterans contend that paying ransom just encourages attacks.
The U.S. Treasury said in October that facilitating ransomware payments to sanctioned hackers may be illegal, a comment that seemed to signal a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.
In a pair of advisories, the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to U.S. sanctions.
The White House formed an interagency working group that met throughout the weekend about the hack and has been keeping U.S. President Joe Biden briefed.
Neuberger and White House homeland security adviser Elizabeth Sherwood-Randall said officials were discussing options for responding to the hack and how to ensure a steady supply of gasoline after the pipeline disruption caused by the cyber attack.