A top Justice Department official warned Friday that U.S. business leaders need to do more to prepare for an onslaught of ransomware attacks being carried out by states and criminal groups overseas.
“The message needs to be to the viewers here, to the CEOs around the country, that you’ve got to be on notice of the exponential increase of these attacks,” Lisa Monaco, deputy attorney general, told CNBC’s Eamon Javers in her first televised interview since joining the Justice Department in April.
Monaco, who has spearheaded the DOJ’s efforts to defend against cyberattacks, said the recent high-profile hacks of Colonial Pipeline and meat processing company JBS were reflective of the sorts of intrusions taking place every day.
“If you are not taking steps — today, right now — to understand how you can make your company more resilient, what is your plan?” Monaco said, addressing business leaders. “If your head of security came to you today and said, ‘We’ve been hit, boss,’ what is your plan? Do you know, and does your head of security know the name and number of the FBI leader in your area who deals with ransomware attacks? These are steps that you’ve got to be taking, right now — today — to make yourselves more resilient.”
Monaco, who was a homeland security advisor to former President Barack Obama, on Thursday issued a memo to the nation’s federal prosecutors requiring the centralization of reporting of ransomware attacks. Shortly after joining the DOJ, she initiated a 120-day review of cybersecurity challenges the department faces.
“What we are doing here at the Department of Justice is reflective of the threat that ransomware poses to national security and to economic security,” Monaco said.
Both of the two most recent publicized attacks, against Colonial Pipeline and JBS, have been linked to criminal groups in Russia. Monaco declined to speculate about whether Russian President Vladimir Putin, a U.S. antagonist, played any role in the debilitating incursions.
“We know that indeed the most recent attacks, against JBS Foods and Colonial Pipeline, are linked to criminal actors, criminal groups that are known to law enforcement, that have ties to Russia, and these are attackers who have struck before. And, frankly, it is reflective of a threat that is ongoing,” Monaco said.
“Today, Eamon, indeed, as we speak, companies are under attack from ransomware attacks, from malicious cyber attackers, whether they are criminals, whether they are nation states, or whether they are what we call a ‘blended threat’ of the two,” she added.
JBS, the largest meatpacker in the world, was affected Monday by a cyberattack that interfered with its operations in North America. By Tuesday, the company said it had made significant progress getting back online, though it did not disclose whether it paid a ransom.
Monaco said she did not know whether the company paid a ransom. But, she said, “I think we need to know” when companies do pay in response to attacks. Investigators, including the FBI, need to be able to “follow that money,” she said, nothing that it is often paid in cryptocurrency.
Colonial Pipeline CEO Joseph Blount has said that his company paid DarkSide, the criminal group behind the attack, a $4.4 million ransom in bitcoin. DarkSide shut itself down in May but had reportedly received $90 million in bitcoin ransom payments.
“The use of cryptocurrency can have many good applications, of course, but we have to be mindful of the misuse, the abuse, of criminal actors in this space,” Monaco said. “That’s why we really need, both the exchanges and the companies that are going to be working with them, to cooperate with the FBI.”
Monaco also said that it was crucial for companies — particularly those that are publicly traded — to disclose when they’ve been hit by ransomware attacks.
“It’s critical to the public to understand just what steps companies are taking to make themselves more resilient,” she said.