U.S. Military Ends ‘Hands-Off’ Approach to Ransomware Attacks Against Civilians

The U.S. military has taken actions against ransomware groups that target key infrastructure. Recently, cyberattack groups successfully took out Maryland’s state government healthcare website, and are now evolving to take down digital phone lines. Experts argue we're unprepared as a country, and more must be done to protect our technology.

Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the director of the National Security Agency (NSA), has revealed that the U.S. military has taken actions against ransomware groups as part of its surge against organizations launching attacks against American companies, reports the New York Times.

Departing from the previous “hands-off stance,” Cyber Command, the NSA and other agencies have poured resources into gathering intelligence on the ransomware groups and sharing their newfound understandings across the government and with international partners.

Nakasone added that one of the goals of the currently undisclosed actions was to better understand the attackers to a degree that they haven’t in the past, while also working to “impose costs” — which is the term military officials use to describe punitive cyberoperations, the New York Times details.

The first known government operation against a ransomware group by Cyber Command came before the 2020 election, when officials feared a network of computers known as TrickBot could be used to disrupt voting.

Since then, Cyber Command has diverted traffic around servers being used by the Russia-based REvil ransomware group and assisted the F.B.I. and the Justice Department in their efforts to seize and recover much of the cryptocurrency ransom paid by Colonial Pipeline.

The NSA’s new Cybersecurity Collaboration Center was set up to improve information sharing between the government and industry and to better detect future intrusions. Industry officials say more needs to be done to improve the flow of intelligence, and Nakasone warns that attacks such as the recent SolarWinds hack, whether by ransomware groups or others, are likely to continue.

Most recently, the Washington Post reports that a cyberattack took Maryland’s health department offline, making dozens of health department services and resources unavailable as the Department of Health’s webpage was rerouted to the state’s flagship webpage, www.maryland.gov, and officials went through individual systems to determine whether any information had been stolen.

Meanwhile, NPR reports that criminal hacker groups have been sending threatening messages to companies that manage broadband phone services all over the world, promising they’ll flood the digital phone lines with traffic and take them offline unless victims pay a ransom.

Experts warn that the digital telecommunications industry was unprepared for this latest onslaught and has been forced to rethink its defensive strategy in a hurry.

This summary was prepared by TCR Deputy Editor Isidoro Rodriguez.