Cyber Command's Gen. Paul M. Nakasone Combats Ransomware Criminal Groups

The US Military Has Taken Action Against Ransomware Groups, the General Recognizes.

Gen. Paul M. Nakasone, commander of Cyber Command, stated that a new cross-functional effort has been launched to gather intelligence on criminal groups attacking critical infrastructure in the United States.

The United States military has taken action against ransomware gangs as part of its battle against organizations that wage attacks against American businesses, the nation's top cyberwarrior said on Saturday, the first public acknowledgement of such efforts.

Gen. Paul M. Nakasone, commander of the United States Cyber Command and director of the National Security Agency, stated that nine months ago, the government saw ransomware attacks as a law enforcement obligation.

However, the attacks on Colonial Pipeline and JBS meat plants indicated that the criminal organizations behind them "had an effect on our key infrastructure," General Nakasone stated.

General Paul M. Nakasone stated that cybercriminals are constantly adapting their activities and that "vigilance is critical."

As a result, the government is adopting a more active and concerted effort to counter this threat, reversing its earlier hands-off policy. Cyber Command, the National Security Agency, and other organizations have invested significant resources in acquiring intelligence on ransomware groups and sharing that information within the government and with international allies.

"The first step is to better understand the adversary and their insights than we have ever understood them," General Nakasone said in an interview on the sidelines of the Reagan National Defense Forum, a gathering of national security professionals.

General Nakasone refused to provide details on the steps taken by his troops or the ransomware groups attacked. However, he stated that one of the objectives was to "impose costs," the word used by military officers to designate punitive cyberoperations.

"Before, during, and since, we have taken actions and imposed costs on a number of sections of our government," General Nakasone stated. "That is a critical point that we should always bear in mind."

According to authorities briefed on the operation, Cyber Command rerouted traffic around servers used by the Russia-based REvil ransomware organization in September. The operation came about as a result of government hackers from an allied country breaching the systems, making it more difficult for the group to collect ransom payments. REvil was forced to shut down temporarily after detecting the US action. The Washington Post reported on that Cyber Command operation last month.

Cyber Command and the National Security Agency also aided the Federal Bureau of Investigation and the Justice Department in their efforts to seize and reclaim a large portion of the cryptocurrency ransom paid by Colonial Pipeline. The Bitcoin payment was initially sought by DarkSide, a Russian ransomware outfit.

Cyber Command conducted its first known operation against a ransomware group prior to the 2020 election, when officials worried a network of machines dubbed TrickBot could be used to disrupt voting.

Government officials have differed on the effectiveness of increased enforcement against ransomware gangs. According to National Security Council officials, Russian groups' operations have decreased. The Federal Bureau of Investigation has been dubious. While some outside groups projected a respite, they predicted the ransomware groups will rebrand and resurface.

When asked if the US has improved its defenses against ransomware gangs, General Nakasone stated that the US was "on an upward trend." However, opponents alter their operations and continue to attempt an attack, he explained.

"We have a lot better understanding of what our adversaries are capable of and may do to us. This is an area where vigilance is critical," he explained, adding that "we cannot take our gaze away from it."

Since taking office in May 2018, General Nakasone has attempted to accelerate cyberoperations, initially focused on stronger defenses against foreign influence operations during the 2018 and 2020 elections. He has stated that his commanders have been able to take broad lessons from both successful and unsuccessful operations.

"Take a look at the vast spectrum of adversaries we've pursued over the last five years: It's been nation-states, proxies, criminals, and an array of other individuals, each of whom necessitates a unique technique," he explained. "The basic components of our success against any enemy are speed, agility, and effort cohesion. You must possess those three."

Last year's SolarWinds hacking discovery, in which Russian intelligence agents implanted software in the supply chain, potentially granting them access to scores of government networks and thousands of business networks, was made by a private company, exposing flaws in America's domestic cyberdefenses. The National Security Agency's Cybersecurity Collaboration Center was established to improve information sharing between government and industry and to improve detection of future intrusions, General Nakasone stated, although industry officials assert that more can be done to improve intelligence flow.

General Nakasone stated that such attacks by ransomware groups and others are expected to continue.

"What we have observed over the last year, and what private industry has suggested, is a massive increase in terms of implants, zero-day vulnerabilities, and ransomware," he said, with "zero-day" referring to an unpatched coding issue. "I believe that is the world in which we now live."

General Nakasone stated during a panel discussion at the Reagan Forum that the realm of cyberspace had shifted dramatically over the last 11 months due to the advent of ransomware assaults and operations such as SolarWinds. He stated that it was likely that essential infrastructure in the United States will be targeted in any future military battle.

"Borders become less significant when we consider our opponents, and whomever they are, we should begin with the assumption that our essential infrastructure will be targeted," he told the panel.

Cyber Command has begun ramping up its efforts to safeguard the upcoming election. Despite efforts to reveal Russian, Chinese, and Iranian efforts to meddle in American politics, General Nakasone stated in an interview that foreign negative campaigns will almost certainly continue.

"I believe we should anticipate that in cyberspace, where entrance barriers are so low, our adversaries would constantly attempt to participate," he said.

The formula for success in protecting the election, he explained, is to educate the public about what adversaries are up to, to share information about vulnerabilities and adversarial operations, and ultimately to take action against those attempting to interfere with voting.

While this may manifest as cyberoperations against hackers, the response can be far broader. The Justice Department announced last month the indictment of two Iranian hackers identified by the authorities as being behind an attempt to influence the 2020 presidential election.

"This truly must be a coordinated effort including the entire administration," according to General Nakasone. "This is why diplomatic efforts are critical. This is why it is vital for our success to be able to examine a variety of different levers inside our government in order to affect these types of opponents."
