Deputy Attorney General Lisa Monaco issued new guidance over how to investigate ransomware after a series of cyberattacks rocked U.S. supply chains.
WASHINGTON (CN) — On May 7, one of the largest pipeline operators in the United States abruptly shut down operations. The Colonial Pipeline in Alpharetta, Georgia, was the latest victim of a ransomware attack that led to a gas shortage on the East Coast. The oil giant reportedly paid the hackers almost $5 million in cryptocurrency after the breach.
They took the company’s systems offline to “contain the threat” and ceased all pipeline operations in the process.
Similarly, the largest meat supplier in the world, JBS, fell victim to another ransomware attack that hit their operations in the U.S. and Australia. Both attacks are believed to have been perpetrated by Russians, including REvil, an infamous ransomware gang composed of Russian speakers.
“Ransomware attacks are a real and present danger to critical infrastructure around the world and, by extension, every single consumer,” Amit Yoran, CEO of the cybersecurity firm Tenable, said in an email. “Any downtime of these operations can cost millions of dollars but also has the potential to have serious economic impacts — food security issues, fuel shortages, and more.”
Deputy Attorney General Lisa Monaco released an internal memo late Thursday detailing new guidance on how to tackle cyberattacks as a result.
These recent ransomware attacks “underscore the growing threat that ransomware and digital extortion pose to the Nation, and the destructive and devastating consequences ransomware attacks can have on critical infrastructure,” she wrote.
Monaco, a seasoned national security expert, has launched a full offensive against cyberattacks since taking office in April. By early May, she’d launched a wide-reaching review of the department’s cybersecurity strategy with the goal of bringing forth “actionable recommendations” within four months.
“We know that ransomware attacks and digital extortion schemes are often conducted by transnational criminal actors, spread without regard to geographic borders, and thrive on the abuse of online digital and financial infrastructure,” the deputy attorney general continued. “Accordingly, the Department must make sure that its efforts in combating digital extortion are focused, coordinated, and appropriately resourced.”
The new guidelines aim to funnel all cases related to ransomware or digital extortion into the Criminal Division’s Computer Crime and Intellectual Property Section. The new guidance dictates that U.S. Attorney’s Offices notify them and the National Security and Cyber Crime Coordinator when a qualifying case falls into their hands.
Aside some ransomware, these cases would also have to do with cryptocurrency exchanges, botnets, online money laundering and anti-virus services, each of which have been used cyberattacks around the world.
“Cybercriminals are smart — they’re following the money,” Yoran said. “They understand they’ll get a higher return-on-investment by targeting the backbone of our country.”