December 1, 2023

A senior Justice Department official warned Friday that US business leaders must do more to prepare for an onslaught of ransomware attacks by foreign states and criminal groups.

“The message has to be to viewers here, CEOs across the country, that they are seeing the exponential increase in these attacks,” said Lisa Monaco, Assistant Attorney General, CNBC’s Eamon Javers in her first television interview since joining the Justice Department in April .

Monaco, which has spearheaded the DOJ’s efforts to deter cyberattacks, said the recent high-profile hacks on the Colonial Pipeline and meat processing company JBS mirror the types of break-ins that happen every day.

“If you don’t take steps – today and now – to understand how to make your business more resilient, what is your plan?” Said Monaco, addressing business leaders. “If your chief security officer came to you today and said, ‘We’ve been hit, boss’, what’s your plan? You know, and does your chief security officer know the name and number of the FBI leader near you? Who cares about ransomware- Attacks? These are steps you must take now – today – to make yourself more resilient. “

Monaco, who was a homeland security adviser to former President Barack Obama, issued a memo to the country’s federal prosecutors on Thursday calling for the centralization of reporting of ransomware attacks. Shortly after joining the DOJ, she launched a 120-day review of the department’s cybersecurity challenges.

“What we are doing here at the Justice Department reflects the threat that ransomware poses to national and economic security,” Monaco said.

The two most recently published attacks against Colonial Pipeline and JBS have been linked to criminal groups in Russia. Monaco declined to speculate on whether Russian President Vladimir Putin, a U.S. opponent, played a role in the debilitating raids.

“We know that the recent attacks against JBS Foods and Colonial Pipeline have actually been linked to criminal actors, criminal groups known to law enforcement and ties to Russia, and these are attackers who have already struck, it reflects one persistent threat, “said Monaco.

“Today, Eamon, businesses are actually being attacked by ransomware attacks, from malicious cyber attackers, whether they are criminals, nation-states or what we call a” mixed threat “of both,” she added.

JBS, the world’s largest meat packer, was hit by a cyberattack on Monday that affected its operations in North America. As of Tuesday, the company said it had made significant strides in restoring the internet, but did not disclose whether it paid a ransom.

Monaco said it doesn’t know if the company paid a ransom. But she said, “I think we need to know” when companies are paying in response to attacks. Investigators, including the FBI, should be able to “follow that money,” she said, none of the fact that it is often paid for in cryptocurrency.

Colonial Pipeline CEO Joseph Blount said his company paid a ransom of $ 4.4 million in bitcoin to DarkSide, the criminal group behind the attack. DarkSide self-closed in May but had reportedly received $ 90 million in bitcoin ransom payments.

“The use of cryptocurrency can of course have many good applications, but we have to be aware of the abuse, the abuse of criminal actors in this area,” said Monaco. “So we need both the exchanges and the companies that are going to work with them to really work with the FBI.”

Monaco also said it was vital for companies – especially those that are publicly traded – to disclose when they have been hit by ransomware attacks.

“It is important for the public to understand the steps companies are taking to make themselves more resilient,” she said.

Also on Friday, the FBI released a statement on the recent ransomware attacks, calling its investigation “top priority”.

“The FBI has a long history of addressing unique cyberspace challenges and of imposing risks and ramifications on our nation’s cyber adversaries,” it said. “Thanks to trusting relationships with our partners from the private sector, we are indispensable in the fight against cyberattacks.”