Cyber Command Publicly Joins Fight Against Ransomware Groups  

U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.

Cybercriminals who launch attacks on critical U.S. companies are going to be targeted by the branch of the military known as Cyber Command, and everyone has been put on notice.

Gen. Paul Nakasone, who heads up Cyber Command, told the New York Times this weekend that his team isn’t just going after state actors, but that they’re taking on any cybercriminals who attack American infrastructure.

“Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs,” Nakasone said in the New York Times, according to CNN. “That’s an important piece that we should always be mindful of.”


Law enforcement has had a few successes taking down malware operator groups like TrickBot and REvil, and taking down DarkSide’s servers following its attack on the Colonial Pipeline, but the rise in cybercrime across almost every sector is undeniable.

Now the feds have called in the military.

Cyber Command’s public entry into the fray presents a whole new set of challenges for cybercriminals who previously enjoyed legal protections from law enforcement in their own countries and found sanction workarounds, Max Galka, CEO of Elementus, explained to Threatpost.

“Direct involvement by the military is quite a shift,” Galka said. “It’s appropriate that the U.S. military has stepped in. As a result of U.S. intervention over the last one or two years, a number of ransomware operators have responded by disappearing from the scene and offering in some cases free decryption tools to undo the damage.”

That itself proves the threat of consequence for cybercrime works.

“I expect this latest escalation will result in some of them retreating from the scene,” Galka added.

More Consequences, Fewer Cyberattacks

If the threat of being targeted by Cyber Command is scary enough to drive a few attackers out of business, that’s good news for the private sector, which could use a bit of help under the weight of crushing cyberthreats to its organizations, according to Rick Holland, vice president of Digital Shadows.

“Sanctions and FBI attempts to recover extortion payments can’t be done in isolation,” Holland told Threatpost. “Notification and recovery activities can’t be the only answer to minimizing extortion risks. Prevention, detection, response and recovery must work hand-in-hand.”

The military’s involvement in national security issues makes sense, but BreachQuest’s chief technology officer Jake Williams told Threatpost that the private sector should be mindful of overreach.

“Given the rich history of separation between military and law enforcement in the U.S., this should be viewed with extreme caution,” Williams said. “When cybercrime intersects with national-security concerns, military response is likely appropriate. However, we should be cautious about military involvement in the majority of cybercrime operations, whether from an investigative or response standpoint.”
