CEOs need to prepare for increase in ransomware attacks: DOJ official
A senior Justice Department official on Friday warned that U.S. business leaders must do more to prepare for a ransomware attack by overseas states and criminal groups.
“The message needs to go to viewers here, to CEOs across the country, that you need to be aware of the exponential increase in these attacks,” Lisa Monaco, deputy attorney general, told CNBC. Eamon Javers in her first TV interview since joining the Justice Department in April.
Monaco, which has led DOJ’s efforts to defend against cyberattacks, said recent high-profile hacks of Colonial Pipeline and meat processing company JBS reflected the types of intrusions that occur every day.
“If you don’t take action – today, now – to figure out how you can make your business more resilient, what’s your plan? Said Monaco, addressing business leaders. “If your security chief came to see you today and said, ‘We’ve been hit, boss,’ what’s your plan? Do you know and does your security chief know the name and number of the FBI chief in your area who deals with ransomware attacks? These are steps you need to take now – today – to make yourself more resilient. “
Monaco, who was homeland security adviser to former President Barack Obama, on Thursday released a note to federal prosecutors across the country demanding centralized reporting of ransomware attacks. Shortly after joining the DOJ, she launched a 120-day review of the cybersecurity challenges facing the department.
“What we are doing here at the Ministry of Justice reflects the threat that ransomware poses to national security and economic security,” Monaco said.
The two most recent high-profile attacks, on Colonial Pipeline and JBS, have been linked to criminal groups in Russia. Monaco declined to speculate whether the Russian president Vladimir Poutine, an American antagonist, played no part in the debilitating forays.
“We know that indeed the most recent attacks, against JBS Foods and Colonial Pipeline, are linked to criminal actors, criminal groups known to law enforcement, who have ties to Russia, and these are attackers who have struck before. And, frankly, that reflects an enduring threat, “Monaco said.
“Today, Eamon, indeed, as we speak, businesses are under attack by ransomware attacks, by malicious cyber attackers, whether they are criminals, whether they are nation states or who are ‘they are what we call a “mixed threat” of the two, “she added.
JBS, the world’s largest meat packer, was hit in a cyberattack on Monday that hampered its operations in North America. On Tuesday, the company said it had made significant progress getting back online, although it did not disclose whether it had paid a ransom.
Monaco said she did not know if the company had paid a ransom. But, she said, “I think we need to know” when companies are paying in response to attacks. Investigators, including the FBI, must be able to “track this money,” she said, nothing that is often not paid in cryptocurrency.
Colonial Pipeline CEO Joseph Blount said his company paid DarkSide, the criminal group behind the attack, a ransom of $ 4.4 million in bitcoin. DarkSide closed in May but had would have received $ 90 million in bitcoin ransom payments.
“The use of cryptocurrency can have many good applications, of course, but we need to be aware of the misuse, abuse, criminal actors in this space,” Monaco said. “That’s why we really need both the exchanges and the companies that are going to work with them to cooperate with the FBI.”
Monaco also said it is crucial for companies – especially those that are publicly traded – to disclose when they have been affected by ransomware attacks.
“It is critical that the public understand exactly what steps businesses are taking to make themselves more resilient,” she said.
Also on Friday, the FBI issued a statement on recent ransomware attacks, calling its investigations “a top priority.”
“The FBI has a long history of facing unique challenges in cyberspace and imposing risks and consequences on our nation’s cyber adversaries,” he said. “Thanks to relationships of trust with our partners in the private sector, we are indispensable in the fight against cyber attacks.”