The effort is part of what Gen. Paul Nakasone, the head of Cyber Command, calls “persistent engagement,” or the imposition of cumulative costs on an adversary by keeping them constantly engaged. And that is a key feature of CyberCom’s activities to help protect the election against foreign threats, officials said.
“Right now, my top priority is for a safe, secure, and legitimate 2020 election,” Nakasone said in August in a set of written responses to Washington Post questions. “The Department of Defense, and Cyber Command specifically, are supporting a broader ‘whole-of-government’ approach to secure our elections.”
Trickbot is malware that can steal financial data and drop other malicious software onto infected systems. Cyber criminals have used it to install ransomware, a particularly nasty form of malware that encrypts users’ data and for which the criminals then demand payment — usually in cryptocurrency — to unlock.
Brian Krebs, who writes the blog KrebsOnSecurity, first reported on the existence of the operation. Cyber Command’s role was previously unreported. The command declined to comment.
Department of Homeland Security officials fear that a ransomware attack on state or local voter registration offices and related systems could disrupt preparations for Nov. 3 or cause confusion or long lines on Election Day. They also note that ransomware is a major threat beyond elections.
Trickbot was used last month in a damaging attack against a major health-care provider, Universal Health Services, whose systems were locked up by the ransomware known as Ryuk. The attack forced personnel to resort to manual systems and paper records, according to reports. UHS runs more than 400 facilities across the United States and Britain. Some patients reportedly were rerouted to other emergency rooms and experienced delays in getting test results.
On Sept. 22, cyber threat researchers who monitor the Trickbot network noticed