The U.S. military has taken offensive measures against ransomware groups, U.S. Cyber Command leader Gen. Paul Nakasone confirmed Saturday.
“Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs,” Nakasone told The New York Times in an interview. “That’s an important piece that we should always be mindful of.”
CNN confirmed the offensive cyber-operations to disrupt foreign ransomware groups with a military spokesperson.
U.S. Cyber Command, the military’s top hacking unit, has reportedly been going after criminal groups dating back to before the 2020 election, when it attempted to knock out TrickBot, a network of infected computers used to deliver malware. More recently, the command had role in shutting down ransomware group REvil’s operations, working with foreign governments to redirect traffic from the group’s website, The Washington Post first reported in November.
Both the spokesperson and Nakasone declined to comment on specific operations.
The Biden administration has made taking on ransomware groups a top priority of its cybersecurity agenda after a series of attacks on U.S. critical infrastructure, including the disruption of major fuel provider Colonial Pipeline in May and July attack by REvil on IT firm Kaseya.
The growing number of ransomware attacks against critical U.S. targets has also become a key point of diplomatic tension with Russia, which is believed to harbor many ransomware actors.
“When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,” President Joe Biden said in a statement following the REvil takedown. “That’s what we have done today. We are bringing the full strength of the federal government to disrupt malicious cyber activity.”
Biden is scheduled to hold a video call with Russian President Vladimir Putin on Tuesday to discuss cybersecurity and a range of other issues.