U.S. Department of Justice: Arrests and ransom seizures against ransomware groups will continue

The U.S. is stepping up efforts to crack down on ransomware operations and other cybercrimes with arrests and seizures of ransom payments, the U.S. deputy attorney general said this week. The Biden administration has called ransomware a threat to both national security and the economy, leading to several U.S.-led counteroffensives.

Deputy Attorney General Lisa Monaco revealed in an interview that “in the coming weeks, you will see more arrests,” as well as the seizure of ransoms paid in cryptocurrencies, among other actions.

While Monaco did not provide specifics, she declared: “If you come to us, we will come to you.”

Deputy Attorney General Lisa Monaco at a press conference in October

In assessing the state of ransomware crime, Monaco, who has an increasing public role in hunting down threat actors, said: “We haven’t seen a substantial change in the situation. Only time will tell if Russia is likely to do this in this regard. Action taken.” Still, she added: “We will continue to work hard to hold accountable those who seek to chase our industry, hold our data hostage and threaten national security, economic security and personal safety.”

U.S. National Cyber Director Chris Inglis told House lawmakers on Thursday that Russian cyberattacks in the U.S. have “decremented significantly.”

“We need to give [this strategy] Time has come to play, and I’d be encouraged if one of our most experienced cyber experts, National Cyber Director Chris Inglis, said the US has seen a ‘significant reduction’ in attacks from Russia.”

Rosa Smothers, a former CIA threat analyst and technical intelligence officer, said, “The aggressive extradition of cybercriminals to serve as their role models, coupled with an aggressive bounty program, shows that the DOJ business is going and is acting with a sense of urgency for the extortion software problem.”

Smothers, currently senior vice president of network operations at KnowBe4, noted, “To illustrate this point, a $10 million reward was announced Friday for information that could lead to the identity or location of a senior member of the DarkSide gang…”

Monaco’s statement comes after an alleged Russian hacker appeared in a U.S. court last week after being extradited from South Korea on suspicion of aiding transnational cybercrime. According to court documents, Vladimir Dunaev, 38, of Russia, used TrickBot malware in global cyberattacks between 2015 and 2020, especially against schools, government entities and financial institutions. Microsoft took action against the malware group last October, ultimately wresting control of its infrastructure. Dunaev, who faces up to 60 years in prison, is suspected of being the group’s malware developer, according to the U.S. Department of Justice. He was charged with conspiracy to commit computer fraud and aggravated identity theft, as well as money laundering, wire fraud and bank fraud.

Follow the money

In June, the DOJ also announced that it had seized 63.7 bitcoins, worth $2.3 million at the time, which is believed to be about half the ransom paid by Colonial Pipeline to the DarkSide ransomware group in May. The attack caused the pipeline to cease operations after it was discovered that its systems were locked with encryption, causing fuel shortages on the East Coast.

Commenting on the attack at the time, Monaco noted that “tracking money remains one of the most basic yet powerful tools we have. Ransom payments are the fuel that fuels the digital extortion engine.” The U.S. government advises against paying ransoms, saying they will only encourage cybercriminals.

More action from the Department of Justice

The Justice Department confirmed in October that it would go after government contractors who failed to report cybersecurity incidents. Monaco said the department’s civil cyber fraud initiative would use the False Claims Act, which imposes liability on those who defraud government programs, to hold entities accountable for “willful breaches of their obligations to monitor and report incidents and violations.”

Monaco also announced the creation of the National Cryptocurrency Enforcement Team (NCET) in October, which she said would investigate and prosecute misuse of cryptocurrencies, especially crimes committed by cryptocurrency exchanges, by mixing and tumbling services used to obfuscate funds, and by money laundering infrastructure.

Pay close attention to the focus

This month, the U.S. Department of Justice posted a vacancy for the director of the National Cryptocurrency Enforcement Team (NCET), who will assist in enforcing digital currency laws and lead a team of prosecutors investigating crypto-related cases. The Justice Department said the director will liaise with the U.S. Attorney’s Office and other law enforcement agencies, and will work on cryptocurrency regulation with agencies such as the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Securities and Exchange Commission and similar bodies.

On targeting the cryptocurrency-based model of ransomware operators, King, who is now director of the Tech Innovation Program at the Wilson Center, a nonpartisan think tank, said: “The seizure of cryptocurrency ransomware payments has a big impact on the heart of the business model: Criminals don’t have reassurance that they can keep the earnings. This is a key element of the U.S. government’s overall strategy to deny ransomware attackers success.”

Indeed, the current set of U.S. strategies seems to have played a significant role; see: The U.S. State Department offers a reward of $10 million to target the leader of DarkSide.
