The Department of Justice requires federal prosecutors across the United States to track ransomware cases more closely and notify Department of Justice officials of key developments in prosecuting hackers.
After major U.S. fuel and meat distributors were attacked by ransomware, government law enforcement agencies have made combating ransomware attacks their top priority. The aim is to gain a clearer understanding of extortion activity in each state and of any progress made in tracing the criminals.
Lisa Monaco, the Deputy Secretary of the U.S. Department of Justice, sent the U.S. Attorney’s Office a memorandum on June 3, local time, titled “Guide to Investigations and Cases Concerning Blackmail and Digital Blackmail”. Under the memorandum, prosecutors who learn of a new ransomware attack in their area must notify senior department officials in Washington. For example, such “emergency reports” should cover ransomware incidents that affect critical infrastructure or city governments, which are a common occurrence.
The memorandum pointed out that recent blackmail attacks, including the blackmail attack on the Colonial Pipeline Company last month, and digital blackmail pose a growing threat and have destructive and devastating consequences for the country’s key facilities.
One of the main goals of the recently established ransomware and digital ransomware task force is to ensure that we use all the power and resources of our department to deal with the many aspects and root causes of this threat. We know that ransomware attacks and digital blackmail schemes are often carried out by transnational criminals, spread without geographic boundaries, and flourish due to the abuse of online digital and financial infrastructure. Therefore, the Legal Department must ensure that the fight against digital extortion is focused, coordinated, and has appropriate resources. In order to ensure that we can establish the necessary connections in national and global cases and investigations, and to provide us with a comprehensive understanding of the national and economic security threats we face, we must strengthen and centralize our internal tracking, investigation and prosecution of extortion software groups, while destroying the infrastructure and networks where these threats persist.
The U.S. Attorney’s Office, the Computer Crimes and Intellectual Property Division (CCIPS) of the Criminal Division, the Money Laundering and Asset Recovery Division (MLARS), the National Security Division (NSD), the Federal Bureau of Investigation (FBI), and other departments of the Department of Justice play a key role in identifying those who participate in these plans and in making legal choices to disrupt and destroy the infrastructure and networks used to carry out these attacks. In order to ensure coordination among departments, this memorandum highlights some of the current “Judicial Manual” requirements and proposes new requirements for investigations and cases related to ransomware or digital ransomware attacks and ransomware and digital ransomware. These new requirements take effect immediately.
“Ensure that we can conduct the necessary connections between national and global cases and investigations…We must strengthen and centralize our internal follow-up investigations and prosecute ransomware organizations and infrastructure and networks to allow for continued threats,” Monaco wrote in the memo.
The memorandum also requires federal prosecutors to notify senior officials of the Department of Justice when they initiate new cases involving ransomware, or when there are significant advances in these cases (such as reaching a plea agreement), and to maintain synergy with the Computer Crimes and Intellectual Property Division (CCIPS).
The policy scope states that the provisions of this memorandum apply to all investigations and cases involving the following situations:
a. Ransomware and/or digital blackmail; or
b. The subject or target is under investigation mainly for illegally operating infrastructure commonly used in ransomware and digital ransomware schemes, including but not limited to:
1. Counter antivirus service;
2. Illegal online forums or markets that promote or sell ransomware, digital ransomware or hacking tools and network access credentials (that is, vectors through which ransomware may infect a network, including remote desktop protocol credentials or web shells);
3. Cryptocurrency (or digital currency) exchange;
4. Bulletproof hosting service;
6. Online money laundering service.
When the US Department of Justice introduced this new policy, US officials were investigating two ransomware hacking incidents, which the FBI blamed on Russian-speaking hackers. In early May, the IT system of the oil pipeline company Colonial was breached and blackmailed, forcing the shutdown of the main route delivering fuel to the East Coast and causing Americans to hoard a large amount of gasoline. Earlier, in early June, hackers disrupted the factory operations of JBS, the world’s largest meat supplier.
The White House stated that US President Joe Biden plans to raise the issue of cyber criminals’ activities in Russia with Russian President Vladimir Putin at a bilateral meeting this month.
In the face of frequent hacking attacks, the U.S. Department of Justice is conducting a four-month review of its policies against malicious cyber activities and has established a special task force to consider new ways to thwart ransomware groups.