(WASHINGTON) — The Justice Department is stepping up actions to combat ransomware and cybercrime through arrests and other actions, its No. A 2 official spoke to The Associated PressThe Biden administration is stepping up its responses to the national security threats and an economic crisis.
Deputy Attorney General Lisa Monaco said that “in the days and weeks to come, you’re going to see more arrests,” more seizures of ransom payments to hackers and additional law enforcement operations.
“If you come for us, we’re going to come for you,” Monaco said in an interview with the AP this week. She refused to provide details on who might be prosecuted.
These actions will build on recent steps, such as the extradition of a Russian cybercriminal to the U.S. and seizure of $2.3million in cryptocurrency that hackers paid in June. They come as the U.S. continues to endure what Monaco called a “steady drumbeat” of attacks despite President Joe Biden’s admonitions last summer to Russian counterpart Vladimir Putin after a spate of lucrative attacks linked to Russia-based hacking gangs.
“We have not seen a material change in the landscape. Only time will tell as to what Russia may do on this front,” Monaco said.
Another official, National Cyber Director Chris Inglis, painted a rosier picture, telling lawmakers Wednesday that the U.S. had seen a “discernible decrease” in attacks emanating from Russia but that it was too soon to say why.
But Monaco added: “We are not going to stop. We’re going to continue to press forward to hold accountable those who seek to go after our industries, hold their data hostage and threaten economic security, national security and personal security.”
Monaco is a longtime fixture in Washington law enforcement, having served as an adviser to Robert Mueller when he was FBI director and as head of the Justice Department’s national security division. In 2014, she was an official at the White House when the Justice Department indicted Chinese hackers.
Monaco’s current position, with oversight of the FBI and other Justice Department components, has made her a key player in U.S. government efforts against ransomware. Given the number of ransomware attacks, as well as the ease hackers have been able to infiltrate private firms and government agencies alike, this fight has proven difficult. It is not clear how long-lasting the new actions will be.
Though not a new phenomenon, ransomware attacks — in which hackers lock up and encrypt data and demand often-exorbitant sums to release it to victims — have exploded in the last year with breaches affecting vital infrastructure and global corporations.
Colonial Pipeline supplies about half of East Coast’s fuel needs. It paid $4 million for the damage caused by the May attack. However, the Justice Department was able to recover the bulk of the money through DarkSide, and gained access to DarkSide’s cryptocurrency wallet. Monaco stated that the public can expect more seizures like this.
JBS, the world’s largest meat processor, paid $11 million in June following a hack by a Russian group known as REvil, which weeks later carried out what’s believed to be the largest single ransomware attack on record — largely through firms that remotely manage IT infrastructure for multiple customers.
Ransomware was elevated to national security priority after the rash attacks. The administration attempted to contain the storm.
Inside the Justice Department, officials in April formed a ransomware task force of prosecutors and agents, and they’ve directed U.S. attorney offices to report ransomware cases to Washington just as they would terrorism attacks.
It has also tried prosecutions, extraditing from South Korea last month an accused Russian hacker, Vladimir Dunaev, who prosecutors say participated in a cyber gang whose malicious software — “Trickbot” — infected millions of computers.
“You’re going to see more actions like you saw last week in the days and weeks to come,” Monaco said.
It is not easy to hold foreign hackers responsible in the U.S., as ransomware gangs can be found everywhere. Even if recent attacks haven’t generated the same publicity as the ones last spring, Monaco said there’s been no discernible change in behavior by opportunistic hackers still targeting a range of industries with attacks that threaten to paralyze crucial business operations — or force multimillion-dollar payouts.
Monaco said she’s sympathetic to the hard decisions companies must make, in part because she’s had experience confronting criminals’ monetary demands.
She was the counterterrorism and homeland security adviser to President Obama. The policy reiterated that ransom payments for hostages were discouraged and illegal, but also made clear that prosecutors didn’t plan to prosecute families who made such payments.
“What it reflects, and frankly what the whole endeavor reflected, was a sense on Lisa’s part that this was an area where you needed an extraordinary balance between policy and humanity,” said Joshua Geltzer, the Biden administrator’s deputy homeland security adviser who worked with Monaco in the Obama White House.
The U.S. government has publicly discouraged ransomware payments but Monaco — who during the Obama administration faced criticism from hostage families about the government’s response to their plight — says the administration is trying to listen to and work with victimized companies.
Officials have shown no interest in prosecuting companies that pay ransom to hackers, though Monaco did announce last month that the department was prepared to sue federal contractors who fail to disclose that they’ve been hacked or who fail to meet cybersecurity standards.
“We have experienced where companies do not pay the attention they need to on this front,” Monaco said.
While the federal government struggles with cyber espionage, Ransomware attacks are flourishing. SolarWinds saw the Justice Department among those agencies most severely affected. Russian hackers took advantage of a supply chain weakness to gain access into the networks of private and federal government departments.
The Justice Department has said more than two dozen U.S. attorneys’ offices had at least one employee whose email account was compromised.
She said it was an important reminder that anyone can be harmed by a sophisticated breach.
“We need to practice what we preach and be doing the same type of vigilance on our cybersecurity that we are asking companies to do,” she said.