Homeland Security Secretary Alejandro Mayorkas said those who carry out ransomware attacks against hospitals and other critical infrastructure entities have no conscience, and are making a profit the wrong way.
"We're talking about criminals who want to make money illegally or who want to do harm independent of a profit motive," Mayorkas said in an exclusive interview with ABC News Chief Justice Correspondent Pierre Thomas. "We're not talking about people with conscience. For a ransomware attack to cripple a hospital and imperil the health and well-being of patients and personnel is more than unacceptable."
Mayorkas stressed, in an interview airing on ABC's Nightline Wednesday night, that every sector is vulnerable whether a business is small, medium or large.
"An integral part of our day-to-day life is based on the internet, not everybody, but so much of our country (it is)," the secretary said. "No one is invulnerable if they have a cyber element to their respective lives. And that speaks of the breadth and depth of the challenge."
The cost of ransomware to businesses is great: they have suffered $350 million in losses and seen a 300% increase in ransomware attacks, Mayorkas explained.
He said that he hopes another major event, similar to the Colonial Pipeline hack, doesn't have to be the wake-up call people need to secure their systems.
"I do hope that people learn from the images that they saw of people waiting in gas lines and saying, 'wait, this is actually affecting my ability to fill my tank and get to work to be able to pick up my kids,'" Mayorkas said.
Mayorkas said he understands the complexity and difficulties that companies are facing with the decision to pay the ransom as Colonial did, but he said the government urges companies not to pay the ransom.
"That is putting profit in the pockets of the criminal and only motivating them to continue their criminal behavior. So we do not support the payment of the ransomware. But at the same time here we understand the challenge that a company faces," Mayorkas said.
He said it is an "obligation" from the public to help "cure" some of the lack of cyber resilience that is going on in the country, and urged businesses to protect themselves.
"Businesses can do a lot, too," he added. "We test our employees' vigilance with respect to spear-phishing exercises. We make sure that they change their passwords. We engage in multi-factor authentication and other tools."
With respect to U.S. adversaries, the secretary said Russia and China are the ones engaging in the most activity. There are red lines, he said without elaborating, adding that it was difficult to ascribe a motive to Russia.