A senior Justice Department official warned Friday that U.S. business leaders must do more to prepare for a onslaught of ransomware attacks carried out by states and criminal groups abroad.
“The message should be for viewers here, for CEOs across the country, that you need to be aware of the exponential increase in these attacks,” Lisa Monaco, deputy attorney general, told CNBC’s Eamon Javers. televised interview since joining the Department of Justice in April.
Monaco, which has led the DOJ’s efforts to defend itself from cyberattacks, said recent Colonial Pipeline hackers and meat processing company JBS reflected the type of intrusions that occurred every day.
“If you’re not taking action (today, right now) to understand how you can make your business stronger, what’s your plan?” Monaco said, addressing business leaders. “If your security chief came to you today and said, ‘We’ve been beaten, boss,’ what is your plan? You know, and your security chief knows the name and number of the FBI leader in your area? who deals with ransomware attacks? these are the steps you need to take right now (today) to make yourself more resilient. “
Monaco, which was a national security adviser to former President Barack Obama, issued a note Thursday to the nation’s federal prosecutors demanding the centralization of reporting ransomware attacks. Shortly after joining the DOJ, he began a 120-day review of the cybersecurity challenges facing the department.
“What we are doing here in the Department of Justice reflects the threat that ransomware poses to national security and to economic security,” Monaco said.
The two most recent ad attacks, against Colonial Pipeline and JBS, have been related to criminal groups in Russia. Monaco refused to speculate on whether Russian President Vladimir Putin, an American antagonist, played any role in the debilitating incursions.
“We know that, indeed, the most recent attacks, against JBS Foods and Colonial Pipeline, are related to criminal actors, criminal groups known to law enforcement, who have ties to Russia, and who are attackers who have attacked before. And, frankly, it reflects a threat that is ongoing, ”Monaco said.
“Today, Eamon, in fact, as we speak, companies are being attacked by ransomware attacks, malicious cyber attackers, whether they are criminals, whether they are nation states or whether they are what we call a ‘combined threat’ of the two,” he added.
JBS, the world’s largest meat packer, was hit Monday by a cyberattack that interfered with its operations in North America. On Tuesday, the company said it had made significant progress in returning to the network, although it did not disclose whether it was paying a ransom.
Monaco said it did not know if the company was paying a ransom. But, he said, “I think we need to know” when companies pay in response to attacks. Investigators, including the FBI, must be able to “track that money,” he said, nothing that is often paid in cryptocurrency.
Colonial Pipeline CEO Joseph Blount has said his company paid DarkSide, the criminal group behind the attack, a $ 4.4 million ransom in bitcoins. DarkSide closed in May, but reportedly received $ 90 million in bitcoin rescue payments.
“The use of cryptocurrency can have many good applications, of course, but we need to be aware of the misuse, the abuse, of the criminal actors in this space,” Monaco said. “That’s why we really need both the stock exchanges and the companies that will work with them to cooperate with the FBI.”
Monaco also said it was crucial that companies, particularly those listed on the stock exchange, reveal when they have been affected by ransomware attacks.
“It’s critical for the public to understand what steps companies are taking to become more resilient,” he said.