WASHINGTON — The Justice Department is stepping up actions to combat ransomware and cybercrime through arrests and other actions, its No. 2 official told The Associated Press, as the Biden administration escalates its response to what it regards as an urgent economic and national security threat.
Deputy Attorney General Lisa Monaco said that “in the days and weeks to come, you’re going to see more arrests,” more seizures of ransom payments to hackers and additional law enforcement operations.
“If you come for us, we’re going to come for you,” Monaco said in an interview with the AP this week. She declined to offer specifics about who in particular might face prosecution.
The actions are intended to build off steps taken in recent months, including the recent extradition to the U.S. of a suspected Russian cybercriminal and the seizure in June of $2.3 million in cryptocurrency paid to hackers. They come as the U.S. continues to endure what Monaco called a “steady drumbeat” of attacks despite President Joe Biden's admonitions last summer to Russian counterpart Vladimir Putin after a spate of lucrative attacks linked to Russia-based hacking gangs.
“We have not seen a material change in the landscape. Only time will tell as to what Russia may do on this front,” Monaco said.
Another official, National Cyber Director Chris Inglis, painted a rosier picture, telling lawmakers Wednesday that the U.S. had seen a “discernible decrease” in attacks emanating from Russia but that it was too soon to say why.
But Monaco added: “We are not going to stop. We’re going to continue to press forward to hold accountable those who seek to go after our industries, hold their data hostage and threaten economic security, national security and personal security.”
Monaco is a longtime fixture in Washington law enforcement, having served as an adviser to Robert Mueller when he was FBI director and as head of the Justice Department's national security division. She was a White House official in 2014 when the Justice Department brought a first-of-its-kind indictment against Chinese government hackers.
Monaco's current position, with oversight of the FBI and other Justice Department components, has made her a key player in U.S. government efforts against ransomware. That fight has defied easy solutions given the sheer volume of high-dollar attacks and the ease with which hackers have penetrated private companies and government agencies alike. How much lasting impact the latest actions will have is also unclear.
Though not a new phenomenon, ransomware attacks — in which hackers lock up and encrypt data and demand often-exorbitant sums to release it to victims — have exploded in the last year with breaches affecting vital infrastructure and global corporations.
Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, paid more than $4 million after a May attack that led it to halt operations, though the Justice Department clawed the majority of it back by gaining access to the cryptocurrency wallet of the culprits, known as DarkSide. The public should expect to see more such seizures, Monaco said.
JBS, the world's largest meat processor, paid $11 million in June following a hack by a Russian group known as REvil, which weeks later carried out what's believed to be the largest single ransomware attack on record — largely through firms that remotely manage IT infrastructure for multiple customers.
The splashy attacks elevated ransomware as an urgent national security priority while the administration scrambled to stem the onslaught.
Inside the Justice Department, officials in April formed a ransomware task force of prosecutors and agents, and they've directed U.S. attorney offices to report ransomware cases to Washington just as they would terrorism attacks.
It has also tried prosecutions, extraditing from South Korea last month an accused Russian hacker, Vladimir Dunaev, who prosecutors say participated in a cyber gang whose malicious software — “Trickbot” — infected millions of computers.
“You're going to see more actions like you saw last week in the days and weeks to come,” Monaco said.
Still, holding foreign hackers accountable in the U.S. is notoriously difficult, and ransomware gangs are abundant. Even if recent attacks haven't generated the same publicity as the ones last spring, Monaco said there's been no discernible change in behavior by opportunistic hackers still targeting a range of industries with attacks that threaten to paralyze crucial business operations — or force multimillion-dollar payouts.
Monaco said she's sympathetic to the hard decisions companies must make, in part because she's had experience confronting criminals' monetary demands.
As homeland security and counterterrorism adviser in the Obama administration, she helped craft a policy on Americans held hostage overseas. The policy reiterated that ransom payments for hostages were discouraged and illegal, but also made clear that prosecutors didn't plan to prosecute families who made such payments.
“What it reflects, and frankly what the whole endeavor reflected, was a sense on Lisa’s part that this was an area where you needed an extraordinary balance between policy and humanity,” said Joshua Geltzer, the Biden administration's deputy homeland security adviser who worked with Monaco in the Obama White House.
The U.S. government has publicly discouraged ransomware payments but Monaco — who during the Obama administration faced criticism from hostage families about the government's response to their plight — says the administration is trying to listen to and work with victimized companies.
Officials have shown no interest in prosecuting companies that pay ransom to hackers, though Monaco did announce last month that the department was prepared to sue federal contractors who fail to disclose that they've been hacked or who fail to meet cybersecurity standards.
“We have experienced where companies do not pay the attention they need to on this front,” Monaco said.
Ransomware attacks have flourished even as the federal government grapples with more old-fashioned, albeit sophisticated, cyber espionage. The Justice Department was among the agencies hit hard by the SolarWinds breach, in which Russian government hackers exploited a supply chain vulnerability to gain access to the networks of federal departments and private companies.
The Justice Department has said more than two dozen U.S. attorneys' offices had at least one employee whose email account was compromised.
It was a reminder, she said, that no one is immune from a sophisticated breach.
“We need to practice what we preach and be doing the same type of vigilance on our cybersecurity that we are asking companies to do,” she said.