'Not going to stop': How US Justice Department fights cybercrime
| Washington
The Justice Department is stepping up actions to combat ransomware and cybercrime through arrests and other actions, its No. 2 official told The Associated Press, as the Biden administration escalates its response to what it regards as an urgent economic and national security threat.
Deputy Attorney General Lisa Monaco said that 鈥渋n the days and weeks to come, you鈥檙e going to see more arrests,鈥 more seizures of ransom payments to hackers, and additional law enforcement operations.
鈥淚f you come for us, we鈥檙e going to come for you,鈥 Ms. Monaco said in an interview with the AP this week. She declined to offer specifics about who in particular might face prosecution.
The actions are intended to build off steps taken in recent months, including the recent extradition to the United States of a suspected Russian cybercriminal and the seizure in June of $2.3 million in cryptocurrency paid to hackers. They come as the U.S. continues to endure what Ms. Monaco called a 鈥渟teady drumbeat鈥 of attacks despite President Joe Biden鈥檚 admonitions last summer to Russian counterpart Vladimir Putin after a spate of lucrative attacks linked to Russia-based hacking gangs.
鈥淲e have not seen a material change in the landscape. Only time will tell as to what Russia may do on this front,鈥 Ms. Monaco said.
Another official, National Cyber Director Chris Inglis, painted a rosier picture, telling lawmakers Wednesday that the U.S. had seen a 鈥渄iscernible decrease鈥 in attacks emanating from Russia but that it was too soon to say why.
But Ms. Monaco added: 鈥淲e are not going to stop. We鈥檙e going to continue to press forward to hold accountable those who seek to go after our industries, hold their data hostage, and threaten economic security, national security, and personal security.鈥
Ms. Monaco is a longtime fixture in Washington law enforcement, having served as an adviser to Robert Mueller when he was FBI director and as head of the Justice Department鈥檚 national security division. She was a White House official in 2014 when the Justice Department brought a first-of-its-kind indictment against Chinese government hackers.
Ms. Monaco鈥檚 current position, with oversight of the FBI and other Justice Department components, has made her a key player in U.S. government efforts against ransomware. That fight has defied easy solutions given the sheer volume of high-dollar attacks and the ease with which hackers have penetrated private companies and government agencies alike. How much lasting impact the latest actions will have is also unclear.
Though not a new phenomenon, ransomware attacks 鈥 in which hackers lock up and encrypt data and demand often-exorbitant sums to release it to victims 鈥 have exploded in the last year, with breaches affecting vital infrastructure and global corporations.
Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, paid more than $4 million after a May attack that led it to halt operations, though the Justice Department clawed the majority of it back by gaining access to the cryptocurrency wallet of the culprits, known as DarkSide. The public should expect to see more such seizures, Ms. Monaco said.
JBS, the world鈥檚 largest meat processor, paid $11 million in June following a hack by a Russian group known as REvil, which weeks later carried out what鈥檚 believed to be the largest single ransomware attack on record 鈥 largely through firms that remotely manage IT infrastructure for multiple customers.
The splashy attacks elevated ransomware as an urgent national security priority while the administration scrambled to stem the onslaught.
Inside the Justice Department, officials in April formed a ransomware task force of prosecutors and agents, and they鈥檝e directed U.S. attorney offices to report ransomware cases to Washington, just as they would terrorism attacks.
It has also tried prosecutions, extraditing from South Korea last month an accused Russian hacker, Vladimir Dunaev, who prosecutors say participated in a cyber gang whose malicious software 鈥 鈥淭rickbot鈥 鈥 infected millions of computers.
鈥淵ou鈥檙e going to see more actions like you saw last week in the days and weeks to come,鈥 Ms. Monaco said.
Still, holding foreign hackers accountable in the U.S. is notoriously difficult, and ransomware gangs are abundant. Even if recent attacks haven鈥檛 generated the same publicity as the ones last spring, Ms. Monaco said there鈥檚 been no discernible change in behavior by opportunistic hackers still targeting a range of industries with attacks that threaten to paralyze crucial business operations 鈥 or force multimillion-dollar payouts.
Ms. Monaco said she鈥檚 sympathetic to the hard decisions companies must make, in part because she鈥檚 had experience confronting criminals鈥 monetary demands.
As homeland security and counterterrorism adviser in the Obama administration, she helped craft a policy on Americans held hostage overseas. The policy reiterated that ransom payments for hostages were discouraged and illegal, but also made clear that prosecutors didn鈥檛 plan to prosecute families who made such payments.
鈥淲hat it reflects, and frankly what the whole endeavor reflected, was a sense on Lisa鈥檚 part that this was an area where you needed an extraordinary balance between policy and humanity,鈥 said Joshua Geltzer, the Biden administrator鈥檚 deputy homeland security adviser who worked with Ms. Monaco in the Obama White House.
The U.S. government has publicly discouraged ransomware payments, but Ms. Monaco 鈥 who during the Obama administration faced criticism from hostage families about the government鈥檚 response to their plight 鈥 says the administration is trying to listen to and work with victimized companies.
Officials have shown no interest in prosecuting companies that pay ransom to hackers, though Ms. Monaco did announce last month that the department was prepared to sue federal contractors who fail to disclose that they鈥檝e been hacked or who fail to meet cybersecurity standards.
鈥淲e have experienced where companies do not pay the attention they need to on this front,鈥 Ms. Monaco said.
Ransomware attacks have flourished even as the federal government grapples with more old-fashioned, albeit sophisticated, cyber espionage. The Justice Department was among the agencies hit hard by the SolarWinds breach, in which Russian government hackers exploited a supply chain vulnerability to gain access to the networks of federal departments and private companies.
The Justice Department has said more than two dozen U.S. attorneys鈥 offices had at least one employee whose email account was compromised.
It was a reminder, she said, that no one is immune from a sophisticated breach.
鈥淲e need to practice what we preach and be doing the same type of vigilance on our cybersecurity that we are asking companies to do,鈥 she said.
This story was reported by The Associated Press.
