The US military has gone on the offensive against ransomware groups as US companies increasingly become targets of malware attacks, the nation's top cyber defender acknowledged on Saturday.
Up until about nine months ago, reining in ransomware attacks was seen as the responsibility of law enforcement agencies, Gen. Paul M. Nakasone, the head of US Cyber Command and director of the National Security Agency, told the New York Times. But attacks like the ones on Colonial Pipeline and JBS beef plants have been "impacting our critical infrastructure," Nakasone said, leading federal agencies to ramp up the gathering and sharing of intelligence on ransomware groups.
"The first thing we have to do is to understand the adversary and their insights better than we've ever understood them before," Nakasone said in an interview at the Reagan National Defense Forum, a gathering of national security officials.
Nakasone didn't describe the action taken or identify the groups targeted, but said one of the goals is to "impose costs" for ransomware groups.
"Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs," Nakasone said. "That's an important piece that we should always be mindful of."
The increased activity follows a string of cyberattacks on the federal government and private companies, reigniting concerns about the vulnerability of critical infrastructure.
A crippling ransomware attack hit Colonial Pipeline in May, leading to concern of widespread gas shortages along the East Coast. A month later, JBS USA, one of the biggest meat producers in the US, suffered a .
In ransomware schemes like the one used on Colonial, attackers use code to seize control of a computer system and then demand money to unlock it. The worldwide in 2017, for instance, locked up , banks and phone companies. City governments in the US have also been .
President Joe Biden signed an executive order in May, saying that the attack on Colonial Pipeline highlighted the need to do more to protect critical infrastructure. The order outlined a number of steps aimed at shoring up the nation's cybersecurity, including a call for the removal of contractual barriers to reporting federal agency breaches, the reporting of severe cyberattacks within three days and the establishment of a Cybersecurity Safety Review Board to investigate significant incidents.