Ransomware targeted by Justice Department as attacks flourish

Colonial Pipeline storage tanks in Woodbridge, N.J.
Colonial Pipeline storage tanks in Woodbridge, N.J. The Justice Department is setting its sights on ransomware attacks such as the one that temporarily hobbled U.S. oil distribution.
(Ted Shaffrey / Associated Press)

The Justice Department is vowing to systematically track and prosecute ransomware attacks, making the effort to counter the increasingly dangerous and disruptive online assaults on crucial services a top priority.

The department will now require federal prosecutors across the country to notify senior officials of any significant new developments in ransomware investigations or when they learn of a new digital extortion attack, according to a directive issued Thursday by Deputy Atty. Gen. Lisa Monaco.

“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups and the infrastructure and networks that allow these threats to persist,” Monaco wrote.


The move is one of the first major efforts by the Biden administration in response to the growing threat of attacks in which hackers disrupt services and demand that companies pay ransom to unfreeze data and computers. Victims have included Colonial Pipeline Co. and JBS, the world’s largest meat processor.

U.S. officials have determined that criminal hacking groups behind the attacks were probably operating from Russia.

President Biden will press his Russian counterpart, Vladimir Putin, at their meeting this month to crack down on the groups, White House Press Secretary Jen Psaki said Thursday.

The U.S. president’s message at the one-on-one meeting in Geneva on June 16 will be that “responsible states do not harbor ransomware criminals, and responsible countries must take decisive action against those ransomware networks,” Psaki said.

Former Defense Secretary Leon E. Panetta said Thursday that Biden’s message needs to be clear and definitive: “You continue to do this, you will pay a price. Period,” Panetta said in an interview on Bloomberg Television’s “Balance of Power” program.

“President Biden has to make very clear that there are lines here that the Russians cannot cross,” said Panetta, who also served as director of the CIA. “Putin only understands very strong talk.”


Although Panetta didn’t specify what steps could be taken against Russia, he mentioned that the U.S. has developed capabilities to mount offensive cyber operations.

The Russian government has denied knowing about or being involved in the ransomware attacks, a claim that Panetta said he didn’t believe.

“These criminal organizations are operating under the cover of the Russian government, and they’re basically doing what the Russian government supports, which is to undermine the United States of America,” Panetta said.

The new Justice Department directive comes after ransomware attacks have crippled operations of targets including schools, state governments, hospitals and infrastructure. The U.S. Department of Homeland Security conducted a 60-day “sprint” to tackle the attacks. Yet the U.S. has struggled to deter the criminals responsible.

Brazilian company JBS has partly restarted beef production after a ransomware attack Sunday forced it to halt operations around the globe. And last month, the biggest pipeline operator in the U.S., Colonial Pipeline, shut down operations after it was hit with an attack that resulted in gasoline shortages and price increases.

Beyond confronting Putin, the Biden administration also must develop a comprehensive cybersecurity strategy that involves working with the private sector and developing cutting-edge technologies, Panetta said.


He added that it’s “dangerous” for companies to keep paying ransoms to hackers. “If they pay off these ransoms, what they do is they send a signal to these criminal organizations to continue to do what they’re doing,” he said.

Bloomberg staff writers Justin Sink and Jennifer Epstein contributed to this report.