- Deputy Attorney General Lisa Monaco, speaking at the Sixth annual Aspen Cyber Summit, announced two separate initiatives designed to stem the rise in malicious ransomware and other cyber activity targeting U.S. companies and other organizations.
- The Department of Justice is launching a National Cryptocurrency Enforcement Team that will strengthen the ability of federal authorities to dismantle virtual currency exchanges and other services used for illegal money laundering during ransomware and extortion campaigns, drug trades, trafficking weapons, the sale of hacking tools and other illegal activities.
- Monaco also announced the launch of a Civil Cyber Fraud Initiative, where federal authorities will pursue federal contractors that fail to report cyber breaches in a timely manner, knowingly misrepresent their cybersecurity practices, or knowingly provide deficient cybersecurity products. The Commercial Litigation Branch, Fraud Division of the DOJ Civil Division will lead the effort, and use the authority under the federal False Claims Act to pursue both individuals and organizations that fail to monitor and report cyber breaches and other incidents.
The two initiatives are part of a broader campaign by the Biden Administration to disrupt a wave of malicious cyber activity launched by nation-state threat actors and criminal gangs against critical U.S. industries and government agencies, as well as other private sector entities.
Following the 2020 SolarWinds attacks backed by Russian state actors and the Microsoft Exchange attacks linked to Chinese state agencies that U.S. officials say were supported by criminal actors, there have been a series of ransomware attacks against key U.S. companies, including the May attack on fuel supplier Colonial Pipeline and the later attack on JBS USA, one of the nation's largest meat suppliers.
Monaco, speaking virtually to moderator Garrett Graff during the Summit, said that since her return to the DOJ after working as former President Barack Obama's national security advisor, nation-state actors have developed alliances with criminal cyber actors in recent years to create alliances that are pulling off a very bold series of attacks against key U.S. targets.
"There's a brazenness to the tactics and techniques from ransomware to digital extortion," she said. "These are actions, not of a stealthy kind of cat burglar type, but really brash, more like the kind of bomb laden hostage taker or terrorist."
The DOJ has previously taken steps to disrupt the use of cryptocurrency transfers during high-profile ransomware attacks. In January, federal officials arrested a Canadian man and seized more than $454,000 in cryptocurrency, as part of an international crackdown against NetWalker ransomware, which targeted healthcare organizations, school districts, universities and private companies.
According to the indictment, the suspect, Sebastian Vachon Desjardins, of the city of Gatineau, Quebec, generated $27.6 million in proceeds from the attacks. Bulgarian authorities also seized a Dark Web site used to communicate and provide payment instructions to ransomware victims.
The FBI in May recovered $2.3 million of the $4.4 million in bitcoin that Colonial Pipeline paid to the ransomware gang during the May attack.
Just last month, the Treasury Department's Office of Foreign Assets Control announced sanctions against Suex, a Russia-based virtual currency exchange, that allegedly facilitated transactions involving eight ransomware variants.
Amanda Wick, chief of legal affairs at Chainanalysis, a blockchain data platform, said the task force will help the DOJ develop a more robust response to the illegal use of virtual currency changes.
"The dispersal of services among different sections of the criminal division, and throughout 94 U.S. Attorney's offices, made it very difficult to coordinate a response to crimes involving cryptocurrency," Wick said via email. "By creating a task force whose leader will report directly to the AAG of the criminal division, crypto crime will get the resources and attention it needs to make an impact on crypto-enabled crime."
Mary Beth Buchanan, president of Americas and chief legal officer at Merkle Science, a blockchain monitoring platform, called the task force an appropriate and proactive response to restrict the criminal use of cryptocurrencies.
"By taking this step, the DOJ will assist the industry in identifying criminals that aim to discredit the crypto ecosystem," Buchanan said via email.
The civil enforcement plans on breach disclosure was praised by cybersecurity experts, who noted that some of the major law enforcement takedowns in recent years, including the Emotet and Trickbot cases, was enabled by victim's cooperating with authorities.
"The concern about loss of reputation, the sheepish nature of some businesses when it comes to breaches and attacks and the refusal to take responsibility for these attacks, is what the bad guys count on us doing," Adam Kujawa, director of Malwarebytes Labs said.