The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.
Over the weekend, Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the National Security Agency (NSA), confirmed what most cybersecurity specialists already knew: The U.S. military has engaged in offensive measures against ransomware groups. These actions were undertaken to stem the alarming and growing tide of ransomware attacks that have hit U.S. industry, notably Colonial Pipeline in May, and have afflicted hundreds of healthcare and educational institutions.
In October, Cyber Command, in conjunction with the Secret Service, FBI, and allied nations, diverted traffic around servers used by the Russia-based REvil ransomware group, forcing the group to disband, at least temporarily. Among other attacks, REvil targeted the world’s largest meat processor, JBS, in late May, disrupting meat production for days. Cyber Command and NSA also helped the FBI and the Justice Department seize and recover 75 bitcoins worth more than $4 million that were part of the cryptocurrency ransom Colonial Pipeline paid.
Nakasone said the attacks on Colonial Pipeline and JBS impacted critical infrastructure. “Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs,” Nakasone said. Cyber Command’s first anti-ransomware effort occurred in 2020 when the military arm worked in parallel, but not in a coordinated fashion, with Microsoft to take down the Trickbot network.
This article appeared in CSO Online.