General Paul M. Nakasone, head of US Cyber Command confirmed during a recent national security event that his agency has begun taking direct action against international ransomware gangs as part of a larger effort to curtail attacks on American companies and infrastructure.
The General explained that his agency is working hand-in-hand with the NSA, FBI, and other federal entities while during a talk at the Reagan National Defense Forum, a meeting of national security officials held on Saturday. After the talk, he noted to The New York Times that he sees Cyber Command's mission right now as focusing on trying to "understand the adversary and their insights better than we've ever understood them before."
The country's cybersecurity defense authority began targeting ransomware threats from organized crime rings around nine months ago, well before high-profile incidents like the Colonial Pipeline shutdown began to show just how severely ransomware attacks could disrupt national and global infrastructure.
While the General was cagey about the details of ongoing and previous counter operations, earlier reports have shown Cyber Command taking a hand in both punitive actions like those targeting Russian ransomware group REevil, as well as restoration efforts like the ones undertaken by the federal agencies following the Colonial Pipeline incident. The latter resulted in the "majority" of the ransom paid to the DarkSide ransomware ring being seized and recovered by the DOJ.
These actions are part of a larger effort called for by an executive order signed by the President in May of this year. The 2021 legislation instituted a nationwide governmental shift to security practices like mandatory 2FA use, zero-trust policies, and the creation of a new Cybersecurity Safety Review Board. General Nakasone's team has been combating similar threats since at least 2018 when he took command of the agency.
The head of Cyber Command expounded on the importance of "speed, agility, and unity of effort" at the recent event. He noted that these three factors were key in combating threats, regardless of whether they came from nation-states, proxies, or independent criminal organizations.
Going forward, Nakasone hopes to see a federal drive towards a "whole-of-government effort." The General sees diplomatic outreach programs and an expanded and borderless focus on protecting critical infrastructure assets as a vital step toward protecting the country against ransomware attacks and other cyber incursions.