Deputy Director Speaks at Press Conference on Colonial Pipeline Ransomware Attack

2 years ago

This is just the latest disruption that the FBI and DOJ have taken to impose risk and consequences on cyber adversaries.

Since announcing our new cyber strategy last year, we have dismantled the infrastructure of the Emotet criminal botnet through an unprecedented coalition of U.S. and international law enforcement and private industry partners. Additionally, we have joined other government partners to expose a cyber tool developed by the Russian GRU. We have also used legal authorities to remove malicious back doors installed on the networks of Microsoft Exchange Server customers across the United States. And just last week, DOJ announced the seizure of two command-and-control domains used by the perpetrators of a wide spear phishing campaign.

This focus on joint action and collaboration is exemplified by the National Cyber Investigative Joint Task Force, which brings together intelligence community, law enforcement, and cybersecurity agencies for a whole-of-government approach against these cyber threats.

Our partners in the intelligence community and across government are central to these efforts. Leveraging each of our authorities and capabilities enables us to conduct coordinated operations to respond to and deter malicious activity from groups like DarkSide.

There’s a lot of exceptional behind-the-scenes teamwork that goes into both identifying effective ways to target adversaries, and predicating actions that we may take against them.

I want to give major thanks to the incredibly hard-working agents, intelligence analysts, and professional staff of the FBI’s Atlanta and San Francisco Field Offices and the FBI Cyber Division, along with the government-wide partners who assisted in this investigation and seizure.

These cases require a significant level of determination and technical expertise, and without a doubt, every individual involved displayed that through the achievements reflected here today.

We continue to be committed to using the information and intelligence we develop through our investigations to take early, meaningful steps to protect the public and be preventative.

We will continue to work relentlessly and seek innovative ways to use our unique authorities, world-class capabilities, and enduring partnerships for maximum impact against our adversaries.

Today, we deprived a cyber-criminal enterprise of the object of their activity—their financial proceeds and funding. For financially motivated cyber criminals, especially those presumably located overseas, cutting off access to revenue is one of the most impactful consequences we can impose.

When the FBI combines our law enforcement and intelligence authorities with those of our partners in government and the cooperative relationship with private industry, and when we have victims willing to share information to further our collective efforts against cyber adversaries, we can have immediate, permanent effect on ransomware actors.

That is why it is so critical for victims to report intrusions to us as soon as possible and then work with us to provide evidence and intelligence for our investigations, leading to recovery, attribution, and, ultimately, prevention.

Victim reporting not only can give us the information we need to have immediate, real-world impact on the actors, it can also help prevent future intrusions into other victim networks and prevent further harm from occurring.

With continued cooperation and support from victims, private industry, and our U.S. and international partners, we will bring to bear the full weight and strength of our combined efforts and resources against those actors who think nothing of threatening public safety and our national security for profit.

Thank you.

Read Entire Article