Though not a new phenomenon, ransomware attacks — in which hackers lock up and encrypt data and demand often-exorbitant sums to release it to victims — have exploded in the last year with breaches affecting vital infrastructure and global corporations.
Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, paid more than $4 million after a May attack that led it to halt operations, though the Justice Department clawed the majority of it back by gaining access to the cryptocurrency wallet of the culprits, known as DarkSide. The public should expect to see more such seizures, Monaco said.
JBS, the world’s largest meat processor, paid $11 million in June following a hack by a Russian group known as REvil, which weeks later carried out what’s believed to be the largest single ransomware attack on record — largely through firms that remotely manage IT infrastructure for multiple customers.
The splashy attacks elevated ransomware as an urgent national security priority while the administration scrambled to stem the onslaught.
Inside the Justice Department, officials in April formed a ransomware task force of prosecutors and agents, and they’ve directed U.S. attorney offices to report ransomware cases to Washington just as they would terrorism attacks.
It has also tried prosecutions, extraditing from South Korea last month an accused Russian hacker, Vladimir Dunaev, who prosecutors say participated in a cyber gang whose malicious software — “Trickbot” — infected millions of computers.
“You’re going to see more actions like you saw last week in the days and weeks to come,” Monaco said.
Still, holding foreign hackers accountable in the U.S. is notoriously difficult, and ransomware gangs are abundant. Even if recent attacks haven’t generated the same publicity as the ones last spring, Monaco said there’s been no discernible change in behavior by opportunistic hackers still targeting a range of industries with attacks that threaten to paralyze crucial business operations — or force multimillion-dollar payouts.
Monaco said she’s sympathetic to the hard decisions companies must make, in part because she’s had experience confronting criminals’ monetary demands.
As homeland security and counterterrorism adviser in the Obama administration, she helped craft a policy on Americans held hostage overseas. The policy reiterated that ransom payments for hostages were discouraged and illegal, but also made clear that prosecutors didn’t plan to prosecute families who made such payments.
“What it reflects, and frankly what the whole endeavor reflected, was a sense on Lisa’s part that this was an area where you needed an extraordinary balance between policy and humanity,” said Joshua Geltzer, the Biden administration’s deputy homeland security adviser who worked with Monaco in the Obama White House.
The U.S. government has publicly discouraged ransomware payments but Monaco — who during the Obama administration faced criticism from hostage families about the government’s response to their plight — says the administration is trying to listen to and work with victimized companies.
Officials have shown no interest in prosecuting companies that pay ransom to hackers, though Monaco did announce last month that the department was prepared to sue federal contractors who fail to disclose that they’ve been hacked or who fail to meet cybersecurity standards.
“We have experienced where companies do not pay the attention they need to on this front,” Monaco said.
Ransomware attacks have flourished even as the federal government grapples with more old-fashioned, albeit sophisticated, cyber espionage. The Justice Department was among the agencies hit hard by the SolarWinds breach, in which Russian government hackers exploited a supply chain vulnerability to gain access to the networks of federal departments and private companies.
The Justice Department has said more than two dozen U.S. attorneys’ offices had at least one employee whose email account was compromised.
It was a reminder, Monaco said, that no one is immune from a sophisticated breach.
“We need to practice what we preach and be doing the same type of vigilance on our cybersecurity that we are asking companies to do,” she said.
____
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.