By Elisabeth Buscemi
In response to the surge in ransomware attacks targeting operational processes and industrial control systems, US Homeland Security’s Cybersecurity and Infrastructure Security Agency released guidance to critical infrastructure operators. The document urges manual controls to isolate critical processes from IT networks.
CISA’s recommendations follow the Colonial Pipeline ransomware incident that crippled gasoline supplies in the south-eastern United States for two weeks and led the pipeline to pay a nearly $5 million ransom to its cyber attackers. In a separate incident last month, JBS Foods, the world’s largest meat supplier, was targeted in a ransomware attack that prompted shutdowns at the company’s plants in the US and Australia.
The US is also increasing its attempts to get at the human root of the attacks: cyber criminals.
Deputy Attorney General Lisa Monaco issued guidance last week to federal prosecutors laying out “new requirements relating to ransomware or digital extortion attacks and investigations and cases with a nexus to ransomware and digital extortion.” The US Justice Department’s Computer Crime and Intellectual Property section, Money Laundering and Asset Recovery section, National Security Division, and Federal Bureau of Investigation will collaborate to “disrupt and dismantle the infrastructure and networks used to carry out these attacks,” the memo stated.
This week, the agency announced that it successfully tracked cryptocurrency transfers paid to the ransomware group Darkside and seized $2.3 million.
Both the Justice Department and CISA efforts are part of a series of initiatives rolled out by the White House and federal agencies to tackle ransomware. This robust “whole-of-government response” to a global threat is similar to the government’s approach leading to the US Patriot Act, which spurred a frenzy of anti-money laundering and counterterrorist financing regulations.
On the heels of the Colonial Pipeline attack, the Biden administration released a $2 trillion infrastructure proposal, which included $2 billion for improving the energy sector’s cybersecurity and grid resilience. The proposal was followed by a directive issued by the Transportation Security Administration which required pipeline operators to report cyber incidents and attacks to TSA and CISA within 12 hours after the discovery of a cyber incident.
Following the JBS Foods ransomware incident, White House deputy national security adviser for cyber Anne Neuberger announced a “multi-pronged and whole-of-government response.” At the same briefing, White House Press Secretary Karine Jean-Pierre said the Biden administration is engaged with Russia to deliver a message “that responsible states do not harbor ransomware criminals.”
Additional reporting by Jeremy Seth Davis.