According to the nation’s top cyber defender, the US military has gone on the offensive against ransomware groups as US corporations increasingly become targets of malware attacks.
According to Gen. Paul M. Nakasone, the chief of US Cyber Command and director of the National Security Agency, reining in ransomware attacks was considered as the job of law enforcement agencies until about nine months ago.
Attacks on the Colonial Pipeline and JBS meat facilities, on the other hand, have been “impacting our key infrastructure,” according to Nakasone, prompting federal agencies to step up intelligence gathering and sharing on ransomware organisations.
Nakasone didn’t go into detail about the measures taken or the groups targeted, but he did say that one of the objectives is to “impose penalties” on ransomware groups.
“With a lot of aspects of our government, we have taken actions and imposed expenses before, during, and since,” Nakasone added. “That’s a critical component that we must always keep in mind.”
Following a series of cyberattacks on the federal government and commercial organisations, the heightened activity has reignited concerns about the vulnerability of critical infrastructure.
In May, a catastrophic ransomware attack forced the shutdown of a major US petroleum pipeline, raising fears of massive gas shortages throughout the East Coast.
JBS USA, one of the largest meat manufacturers in the United States, was hit by ransomware a month later, briefly shutting down processing units.
Attackers utilise code to grab control of a computer system, like the one used on Colonial, and then demand money to unlock it. For example, the global WannaCry ransomware attacks in 2017 paralysed computer systems at hospitals, banks, and phone companies. Ransomware attacks have also hampered city governments in the United States.
In May, President Joe Biden issued an executive order aimed at strengthening the United States’ cybersecurity defences, citing the attack on the Colonial Pipeline as evidence of the need to do more to defend critical infrastructure.
The order outlined a number of steps aimed at strengthening the country’s cybersecurity, including the removal of contractual barriers to reporting federal agency breaches, the reporting of severe cyberattacks within three days, and the creation of a Cybersecurity Safety Review Board to investigate major incidents.