National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware

The U.S. still isn't well-equipped to answer the challenge ransomware poses, Chris Inglis said.
Chris Inglis, then-nominee to be the national cyber director, testifies during his confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee on June 10, 2021 in Washington, D.C. (Photo by Kevin Dietsch/Getty Images)

After a summer marked by big ransomware attacks from suspected Russian gangs, some of those same groups went quiet.

National Cyber Director Chris Inglis said Thursday that it’s too early to tell if the trend will hold.

“Those attacks have fallen off. Those syndicates have to some degree deconstructed,” Inglis said at an event hosted by the Ronald Reagan Presidential Foundation and Institute. “I think it’s a fair bet they have self-deconstructed and essentially gone cold and quiet to see whether the storm will blow over and whether they can then come back.”

Whether they do so will depend largely on whether Russian President Vladimir Putin takes steps to undo the “permissive” atmosphere after U.S. President Joe Biden warned him repeatedly about ransomware attacks originating from his country.


“It’s too soon to say we’re out of the woods on this,” Inglis said.

The FBI blamed Russian ransomware gang REvil for the attack on meat supplier JBS in June, and that same gang took credit for hitting software company Kaseya in July. The FBI said another Russian ransomware gang, DarkSide, struck Colonial Pipeline in May. Both groups then disappeared suddenly, although they’ve shown signs of reemerging since.

The U.S. still isn’t well-equipped to answer the challenge ransomware poses, Inglis said.

“We’re not figuring out how to prevent them from accessing those systems,” he said. “We’re not figuring out how to bring them to justice. We’re not figuring out how to follow the money. All that … constitutes a system that creates weakness.”

While it’s the official government policy that ransomware victims shouldn’t pay their attackers, “Every policy has to have an exception handler,” said Inglis, using a computer programming term.


Sometimes, an organization — a hospital, for instance — might do everything possible to defend itself against an attack and still fall victim.

“In order to save lives, open hospital rooms or to get patients to the right place at the right time, they have no other choice but to pay the ransom,” he said. “That may well be the right choice at that moment in time. We’re not therefore going to penalize someone to do what’s essential to save lives.”

That said, “We will go back and look at how we got there,” Inglis continued. He compared the situation to that of an automobile accident: “We don’t so much prosecute the accident but prosecute the reckless behavior that led to that accident.”
