EDITOR NOTE: There are a couple of important takeaways that aren’t mentioned in the article you’re about to read. First, do you trust the companies that store your private digital data or assets? We’re not talking about their intentions, but rather, their actions toward keeping your private assets safe. Do they have adequate cybersecurity technologies, or do they have an in-house cybersecurity expert or team? How would you even know, as such information is typically not transparent? Second, due to the use of cryptocurrencies in cyberattacks, you can almost guarantee that cryptos will soon be closely monitored by the government. Its privacy features and incentives may soon be abolished. So, if you’re looking to hold cryptos to bolster asset privacy while taking your money out of the fiat system--which doesn’t really make sense because cryptos aren’t easily fungible--then you can forget about it. If you’re truly looking to store private and secure assets as a hedge against the current monetary regime, there’s nothing that can come close to storing non-CUSIP gold and silver in a private depository. Neither cyberhackers nor the government can monitor non-trackable (i.e. non-CUSIP) assets in cold storage.
A top Justice Department official warned Friday that U.S. business leaders need to do more to prepare for an onslaught of ransomware attacks being carried out by overseas states and criminal groups.
“The message needs to be to the viewers here, to the CEOs around the country, that you’ve got to be on notice of the exponential increase of these attacks,” Lisa Monaco, deputy attorney general, told CNBC’s Eamon Javers in her first televised interview since joining the Justice Department in April.
Monaco, who has spearheaded the DOJ’s efforts to defend against cyberattacks, said the recent high-profile hacks of Colonial Pipeline and meat processing company JBS were reflective of the sorts of intrusions taking place every day.
“If you are not taking steps — today, right now — to understand how you can make your company more resilient, what is your plan?” Monaco said, addressing business leaders. “If your head of security came to you today and said, ‘We’ve been hit, boss,’ what is your plan? Do you know, and does your head of security know the name and number of the FBI leader in your area who deals with ransomware attacks? These are steps that you’ve got to be taking, right now — today — to make yourselves more resilient.”
Monaco, who was a homeland security advisor to former President Barack Obama, on Thursday issued a memo to the nation’s federal prosecutors requiring the centralization of reporting of ransomware attacks. Shortly after joining the DOJ, she initiated a 120-day review of cybersecurity challenges the department faces.
“What we are doing here at the Department of Justice is reflective of the threat that ransomware poses to national security and to economic security,” Monaco said.
Both of the two most recent publicized attacks, against Colonial Pipeline and JBS, have been linked to criminal groups in Russia. Monaco declined to speculate about whether Russian President Vladimir Putin, a U.S. antagonist, played any role in the debilitating incursions.
“We know that indeed the most recent attacks, against JBS Foods and Colonial Pipeline, are linked to criminal actors, criminal groups that are known to law enforcement, that have ties to Russia, and these are attackers who have struck before. And, frankly, it is reflective of a threat that is ongoing,” Monaco said.
“Today, Eamon, indeed, as we speak, companies are under attack from ransomware attacks, from malicious cyber attackers, whether they are criminals, whether they are nation states, or whether they are what we call a ‘blended threat’ of the two,” she added.
CNBC's @EamonJavers: Did JBS pay a ransom?
DAG Monaco: I don't know the answer to that.
Eamon Javers: Do you think govt should know if these companies are paying ransoms?
DAG Monaco: Yes, I think we need to know.
— Mary Catherine (@mcwellons) June 4, 2021
JBS, the largest meatpacker in the world, was affected Monday by a cyberattack that interfered with its operations in North America. By Tuesday, the company said it had made significant progress getting back online, though it did not disclose whether it paid a ransom.
Monaco said she did not know whether the company paid a ransom. But, she said, “I think we need to know” when companies do pay in response to attacks. Investigators, including the FBI, need to be able to “follow that money,” she said, noting that it is often paid in cryptocurrency.
Colonial Pipeline CEO Joseph Blount has said that his company paid DarkSide, the criminal group behind the attack, a $4.4 million ransom in bitcoin. DarkSide shut itself down in May but had reportedly received $90 million in bitcoin ransom payments.
“The use of cryptocurrency can have many good applications, of course, but we have to be mindful of the misuse, the abuse, of criminal actors in this space,” Monaco said. “That’s why we really need, both the exchanges and the companies that are going to be working with them, to cooperate with the FBI.”
Monaco also said that it was crucial for companies — particularly those that are publicly traded — to disclose when they’ve been hit by ransomware attacks.
“It’s critical to the public to understand just what steps companies are taking to make themselves more resilient,” she said.
Also on Friday, the FBI released a statement on the recent ransomware attacks, calling its investigations a “top priority.”
“The FBI has a long-standing history of confronting unique challenges in the cyberspace and imposing risk and consequences on our nation’s cyber adversaries,” it said. “Through trust-based relationships with our private sector partners, we are indispensable in the fight against cyberattacks.”
Original post from CNBC