DOJ signals plans to coordinate anti-ransomware efforts with the same protocols as it does for terrorism
By Brian Fung, CNN
The Justice Department signaled Thursday it plans to coordinate its anti-ransomware efforts with the same protocols as it does for terrorism, following a slew of cyberattacks that have disrupted key infrastructure sectors ranging from gasoline distribution to meatpacking.
On Thursday, Deputy Attorney General Lisa Monaco issued an internal memo directing US prosecutors to report all ransomware investigations they may be working on, in a move designed to better coordinate the US government’s tracking of online criminals.
The memo cites ransomware — malicious software that seizes control of a computer until the victim pays a fee — as an urgent threat to the nation’s interests.
“We must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups and the infrastructure and networks that allow these threats to persist,” Monaco wrote.
The tracking effort is expansive, covering not only the DOJ’s pursuit of ransomware criminals themselves but also the cryptocurrency tools they use to receive payments, automated computer networks that spread ransomware and online marketplaces used to advertise or sell malicious software.
The Justice Department process outlined in the memo is one that it generally reserves for high-priority issues such as terrorism, said CNN legal analyst Elie Honig.
“Essentially, DOJ now will treat ransomware attacks as high-priority crimes, and will devote more resources to fighting back,” Honig said.
In recent weeks, cybercriminals have increasingly targeted organizations that play critical roles across broad swaths of the US economy. The fallout from those attacks shows how hackers are now causing chaos for everyday Americans at an unprecedented pace and scale.
A high-profile attack against Colonial Pipeline last month disrupted fuel shipments to gas stations all along the East Coast, prompting widespread panic buying. This week, the meat supplier JBS disclosed a cyberattack that led to a temporary shutdown of all nine of its US beef processing plants, prompting anxiety among some workers over potential lost wages.
And on Wednesday, New York’s transit agency disclosed it had been the target of a cyberattack in April, though it added that there was “no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems.”
Amid the onslaught, the Biden administration has taken an all-hands approach. In addition to the DOJ memo, the White House issued a letter Thursday to industry leaders urging them to take the threat of ransomware more seriously, and to adopt proactive security measures such as installing critical software updates, using multi-factor authentication and developing an incident response plan.
White House press secretary Jen Psaki told reporters Thursday that the United States intends to build an international coalition against ransomware, citing recent attacks in Ireland, Germany, France and the United Kingdom.
“These attacks have been on the rise for years,” she said, “because these criminal groups are able to make a profit off the backs of businesses, schools, local governments, and more.”
The United States was hit by more than 15,000 ransomware incidents against organizations last year alone, according to Brett Callow, threat analyst at the cybersecurity firm Emsisoft. Factoring in the lost productivity caused by the attacks, ransomware cost the US between an estimated $596 million and $2.3 billion in 2020, Callow said. The true figures may likely be even higher, Callow said, because Emsisoft’s estimates only account for confirmed cases of ransomware incidents.
“It’s a feeding frenzy that’s resulted from the fact that millions of dollars are up for grabs,” he said. “Companies keep on paying, so the attacks keep on coming. While critical infrastructure is now being hit, that doesn’t mean it’s being specifically targeted. The reality is that companies in every sector are being targeted. Simply put, if an organization can afford to pay a ransom, it’s in the cybercriminals’ crosshairs.”