U.S. Military Has Acted Against Ransomware Groups, General Acknowledges
Date: 2021-12-05
SIMI VALLEY, Calif. – The U.S. military has acted against ransomware groups as part of a crackdown on organizations that attack U.S. companies, the nation’s top cyberwarrior said Saturday, the first public acknowledgment of offensive measures against those organizations.
Gen. Paul M. Nakasone, the head of U.S. Cyber Command and director general of the National Security Agency, said that nine months ago, the government viewed ransomware attacks as the responsibility of law enforcement.
But the attacks on Colonial Pipeline and the JBS beef plant showed that the criminal organizations behind them were “seriously affecting our infrastructure,” General Nakasone said.
In response, the government is taking a more aggressive, better coordinated approach to the threat, abandoning its earlier hands-off role. Cyber Command, the NSA and other agencies have poured resources into gathering intelligence on ransomware groups and sharing better insights across the government and with international partners.
“The first thing we need to do is understand the enemy and their insights better than we did before,” General Nakasone said in an interview on the sidelines of the Reagan National Defense Forum, a gathering of national security officials.
General Nakasone would not describe the actions taken on his orders or which ransomware groups were targeted. But he said the “imposition of costs” is an objective, a phrase military officials use to describe punitive cyber operations.
“Before, during and since then, with many elements of our government, we have taken action and we have imposed costs,” General Nakasone said. “This is an important part that we should always be aware of.”
In September, Cyber Command diverted traffic around servers used by the Russia-based REvil ransomware group, officials said. The operation took place after hackers from an allied government entered the servers, making it more difficult for the group to collect ransoms. After REvil discovered the U.S. action, it shut down, at least temporarily. That Cyber Command operation was reported by the Washington Post last month.
Cyber Command and the NSA also assisted the FBI and the Department of Justice in their efforts to seize and recover the cryptocurrency ransom paid by Colonial Pipeline. The Bitcoin payment was demanded by a Russian ransomware group originally known as DarkSide.
Before the 2020 election, Cyber Command carried out the first known operation against a ransomware group, when authorities feared that a network of computers known as TrickBot could be used to disrupt voting.
Government officials disagree on how effective the stepped-up actions against ransomware groups have been. Officials at the National Security Council have said that activity by Russian groups has slowed down. The FBI is skeptical. Some outside groups saw a lull but predicted ransomware groups would rebrand and re-emerge.
Asked if the United States has done better in defending itself against ransomware groups, General Nakasone said the country is “on the upward track.” But enemies are changing their methods and still trying to attack, he said.
“We know a lot about what our opponents can and cannot do to you. This is an area where vigilance is really important,” he said. “We can’t ignore it.”
Since taking office in May 2018, General Nakasone has worked to accelerate cyber operations, focusing on stronger protection against foreign influence operations in the 2018 and 2020 elections. He said his commands have been able to learn extensive lessons from operations that were successful and from others.
“After a period of more than five years, let’s take a look at the broader perspective of the competitors we’ve gone through: they were nation-states, they were proxies, they were criminals, everyone has a whole variety of people they need. A different strategy,” he said. “The key to success against any competitor is speed, agility and unity of effort. You need to have those three.”
Last year’s discovery of the SolarWinds hack, in which Russian intelligence agents implanted software in the supply chain that gave them potential access to government networks and thousands of commercial networks, was made by a private company and exposed flaws in U.S. cybersecurity. The NSA’s Cybersecurity Cooperation Center was set up to improve the exchange of information between government and industry and to better detect future intrusions, General Nakasone said, although industry officials say more needs to be done to improve the flow of intelligence.
Gen. Nakasone said such attacks from ransomware groups and others are likely to continue.
“What we’ve seen over the last year, and what the private industry has indicated, is that we’ve seen a huge increase in the number of implants and zero-day vulnerabilities and ransomware,” he said, referring to unknown coding flaws for which a patch does not exist. “I think that’s the world we live in today.”
Speaking at a panel at the Reagan Forum, General Nakasone said that in the last 11 months, the domain of cyberspace has changed radically due to the rise of ransomware attacks and operations like SolarWinds. He said any future military conflict would target American critical infrastructure.
“Boundaries make less sense when we look at our enemies, and no matter what the opponent is, we should start with the idea that our critical infrastructure will be targeted,” he told the panel.
Cyber Command has begun its efforts to secure the next election. Despite the exposure of Russian, Chinese and Iranian attempts to interfere in U.S. politics, General Nakasone said in an interview that foreign defamation campaigns are likely to continue.
“I think we have to assume that in cyberspace, where barriers to access are very low, our enemies are always trying to join,” he said.
He said the key to success in defending the election was to provide the public with insights into what the opposition was trying to do, to share information about insecurity and anti-government activities, and to take action against groups trying to interfere in the polls.
This could take the form of cyber operations against hackers, but the response could be more widespread. Last month, the Justice Department announced that it had charged two Iranian hackers with attempting to influence the 2020 election.
“It simply came to our notice then. That is why political efforts are important. That is why it is important for us to look at the various levers in our government to influence these types of opponents.”
