US military has reportedly acted against ransomware groups

Action came after a series of crippling attacks raised concerns about vulnerabilities in the nation's critical infrastructure.

Steven Musil

Gen. Paul M. Nakasone, the top US cyberwarrior, acknowledged that the US military has become involved in the fight against ransomware groups.


The US military has gone on the offensive against ransomware groups as US companies increasingly become targets of malware attacks, the nation's top cyber defender acknowledged on Saturday.

Up until about nine months ago, reining in ransomware attacks was seen as the responsibility of law enforcement agencies, Gen. Paul M. Nakasone, the head of US Cyber Command and director of the National Security Agency, told the New York Times. But attacks like the ones on Colonial Pipeline and JBS beef plants have been "impacting our critical infrastructure," Nakasone said, leading federal agencies to ramp up the gathering and sharing of intelligence on ransomware groups.

"The first thing we have to do is to understand the adversary and their insights better than we've ever understood them before," Nakasone said in an interview at the Reagan National Defense Forum, a gathering of national security officials.

Nakasone didn't describe the action taken or identify the groups targeted, but said one of the goals is to "impose costs" on ransomware groups.

"Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs," Nakasone said. "That's an important piece that we should always be mindful of."

The increased activity follows a string of cyberattacks on the federal government and private companies, reigniting concerns about the vulnerability of critical infrastructure.

A crippling ransomware attack on Colonial Pipeline forced the shutdown of a major US petroleum pipeline in May, leading to concerns about widespread gas shortages along the East Coast. A month later, JBS USA, one of the biggest meat producers in the US, suffered a ransomware attack that temporarily knocked out processing plants.

In ransomware schemes like the one used on Colonial, attackers use code to seize control of a computer system and then demand money to unlock it. The worldwide WannaCry ransomware attacks in 2017, for instance, locked up computer systems at hospitals, banks and phone companies. City governments in the US have also been hobbled by ransomware assaults.

President Joe Biden signed an executive order in May aimed at improving US cybersecurity defenses, saying that the attack on Colonial Pipeline highlighted the need to do more to protect critical infrastructure. The order outlined a number of steps aimed at shoring up the nation's cybersecurity, including a call for the removal of contractual barriers to reporting federal agency breaches, the reporting of severe cyberattacks within three days and the establishment of a Cybersecurity Safety Review Board to investigate significant incidents.