US Military Taking Offensive Action Against Ransomware Groups

US Cyber Command, the hacking unit of the US military, has confirmed that it has taken offensive action against ransomware groups responsible for major cyber-attacks on US companies and critical infrastructure.

These actions come after a surge in ransomware attacks against the US in 2021, such as the one on Colonial Pipeline in May, which caused havoc across the entire economy and resulted in President Biden signing an executive order to improve US cybersecurity defenses. This led many security agencies across the nation to ramp up their activity against cybercrime operations worldwide.

In the attack on Colonial Pipeline, hackers used code to seize control of its computer system and demanded ransom to unlock it. Many companies, hospitals, small banks, and other entities have also fallen victim to this type of attack.

Cyber Command, the NSA, and other agencies continue to gather and share intelligence on ransomware groups with the US government, as well as international partners.

“The first thing we have to do is to understand the adversary and their insights better than we’ve ever understood them before,” said General Paul M. Nakasone, head of Cyber Command and director of the National Security Agency (NSA).




One way the US military is trying to disrupt cybercrime group operations, according to Nakasone, is by cutting off their sources of funding. “Before, during and since, with a number of elements of our government, we have taken actions, and we have imposed costs,” he told the New York Times.

Cybercrime has added another stain to US-Russia relations, as most of the malicious activity originates from Russia or other countries of the former Soviet Union. “When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,” said President Biden after the takedown of REvil, a big cybercriminal group responsible for the July attack on Kaseya.

The two heads of state held a video call meeting on December 7th, discussing cybersecurity among a range of other topics.