DOJ Launches Task Force to Battle Ransomware Threat
Prosecutors to Target the 'Ransomware Criminal Ecosystem'
The Justice Department is creating a task force to tackle the growing threat of ransomware and related extortion schemes targeting school districts, hospitals and others, according to an internal department memo that began circulating this week.
The newly established Ransomware and Digital Extortion Task Force will include DOJ officials as well as representatives from the FBI and the Executive Office for United States Attorneys.
The task force will target the "ransomware criminal ecosystem as a whole," which means prosecuting those behind the attacks as well as those who launder money that's extorted, the memo states.
"This will include the use of all available criminal, civil, and administrative actions for enforcement, ranging from takedowns of servers used to spread ransomware to seizures of these criminal enterprises' ill-gotten gains," the memo adds.
The new task force's goals also include devising ways to: increase training and resources to address ransomware attack risks; boost intelligence gathering; leverage investigative leads, including connections between cybercriminal gangs and nation-state groups; and improve coordination across the Justice Department.
In recent months, ransomware gangs have been demanding multimillion-dollar extortion payments from victims, including several large corporations, in exchange for not publishing stolen data.
This week, the ransomware gang REvil - aka Sodinokibi - threatened to release stolen Apple device blueprints unless it received a $50 million payoff from the company after the gang attacked one of its third-party partners (see: REvil Ransomware Gang Threatens Stolen Apple Blueprint Leak).
Chainalysis published a report in March that estimated criminal groups reaped $370 million in ransom payments in 2020, up 336% from 2019.
Acting Deputy Attorney General John Carlin, who wrote the DOJ task force memo, notes that 2020 was the "worst year ever" for ransomware attacks and extortion attempts. The goal of the task force, he wrote, is to protect businesses and individuals alike.
"If we don’t break the back of this cycle, a problem that’s already bad is going to get worse," Carlin told The Wall Street Journal, which first reported on the memo.
Building on Successful Takedowns
The task force will seek to build on the success of the Justice Department's previous takedowns of ransomware and other cybercriminal operations, according to the memo. This includes the disruption of the Emotet botnet earlier this year as well as the seizure of servers and infrastructure in January that belonged to the Netwalker ransomware gang.
Sam Curry, chief security officer at Cybereason, says: "Now is the time for leadership, and the DOJ, among others, is stepping up. Ransomware is a scourge that must stop because its trajectory has the potential to undermine one of the greatest [economies]. … It's time to give the defenders new tools, advantages and alliances."
The DOJ task force needs to be coupled with ongoing efforts at both the State and Treasury departments to curb ransomware, says Megan Stifel, the executive director of the Americas for the Global Cyber Alliance, who calls for a "whole of government" strategy (see: Treasury Dept. Warns Against Facilitating Ransom Payments).
Joseph Neumann, cyber executive advisor at consulting firm Coalfire, notes that without the full cooperation of those companies and organizations targeted by ransomware, the Justice Department task force will have a harder time bringing cases and enforcing the law.
"At the end of the day the DOJ needs to develop clear rules, processes and requirements that provide everyone an idea on what their limitations are," Neumann says. "If these aren’t done in a transparent nature, this task force will just respond to possible litigation and cleanups of other federal systems."
Other Government Efforts
Newly installed Homeland Security Secretary Alejandro Mayorkas announced in March that the agency would conduct a 60-day "sprint" exercise focused on battling ransomware.
DHS also will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular focus on combating ransomware (see: DHS to Provide $25 Million More for Cybersecurity Grants).
Also, the U.S. Cybersecurity and Infrastructure Security Agency is preparing to use new administrative subpoena powers authorized under the 2021 National Defense Authorization Act to help it address ransomware attacks and other cyberthreats. CISA will now be able to compel internet service providers to turn over certain subscriber information that would help better identify potential attacks as well as targeted organizations.