U.S. Attorney General Merrick Garland warned Wednesday that ransom-motivated cyberattacks are "getting worse and worse," echoing other top Biden administration officials who have sounded the alarm about the problem in recent weeks.
"We have to do everything we possibly can here," Garland told lawmakers. "This is a very, very serious threat."
The attorney general's warning during a Senate hearing on the Justice Department's fiscal 2022 budget request followed a pair of high-profile ransomware attacks over the past month that have rattled the U.S. national security and law enforcement establishment and sparked calls for beefed-up cyber defenses.
In a ransomware attack, hackers lock a company's or organization's data, offering keys to unlock the files in exchange for a large sum of money.
Last month, cybercriminals believed to be based in Russia hacked the computer networks of Colonial Pipeline, America's largest fuel pipeline operator, disrupting supplies along the East Coast and touching off panic-buying. Colonial later said it paid $4.4 million to retrieve access to its network. On Monday, the Justice Department revealed it had seized most of the ransom.
Last week, ransomware criminals struck JBS USA, the U.S. arm of the world's largest processor of fresh beef and pork based in Brazil. JBS refused to pay a ransom and was forced to shut down its processing facilities in the United States.
The White House has said the criminal gangs behind both attacks — known as DarkSide and REvil — are likely based in Russia, but officials have not alleged any ties to the Russian government. The Justice Department identified DarkSide as the hacking group that was targeted by law enforcement officials for retaliation and ransom recovery.
The ransomware attacks are likely to hang over the June 16 meeting between President Joe Biden and Russian President Vladimir Putin. Secretary of State Antony Blinken told lawmakers on Monday that Biden will make clear to Putin that "states cannot be in the business of harboring those who are engaged in these kinds of attacks."
Once seen as a financial crime, ransomware has emerged as a growing national security threat in just the last couple of years, as cybercriminals have turned to attacking local governments, schools, hospitals and other critical service providers, and demanding millions of dollars in ransom.
According to a May 12 report by Check Point Research, ransomware attacks more than doubled this year compared with the beginning of 2020, with health care and utilities the most commonly targeted sectors.
"You can imagine what could happen if we had multiple attacks at the same time on even more fundamental infrastructure. So, I'm very worried about it, and so is the administration," Garland said. "And that's why we've asked for such a large increase in our cyber budget."
The Justice Department's nearly $36 billion budget includes about $1.1 billion for cybersecurity. If approved by Congress, that would constitute the largest increase in cybersecurity resources for the department in more than a decade, according to Garland.
In April, before the attack on Colonial, the Justice Department set up an internal task force dedicated to developing strategies to combat ransomware. Its first major operation was recapturing most of the millions of dollars paid in ransom by Colonial to DarkSide hackers, Deputy Attorney General Lisa Monaco announced.
Garland called the recovery a "significant success," but he said it is not enough.
"This has to be a constant, just a constant focus," he said, adding that he has discussed the issue with his counterparts from major U.S. allies.