The US Department of Justice (DoJ) is forming a new task force to deal with the “root causes” of ransomware.
In an internal memo, the DoJ outlines the creation of a new initiative that will bring together current efforts in the federal government to “pursue and disrupt” ransomware operations.
As noted by CNN, this could include the takedown of command-and-control (C2) servers used to manage ransomware campaigns, as well as the legal seizure of “ill-gotten gains” generated by such schemes.
Popular ransomware strains include Petya, Locky, Maze, and CryptoLocker. These forms of malware encrypt drives on infected machines, and operators then demand a ransom payment in return for a decryption key. Depending on the victim’s worth, blackmail demands can reach millions of dollars.
Over the past year or so, double-extortion tactics have also been put into play more widely, in which sensitive data is stolen before encryption begins. If a victim refuses to pay up, they may be threatened with the leak of this information to the public.
Recent examples of these tactics include the REvil ransomware gang’s targeting of Acer and of Apple supplier Quanta.
The memo added that the new task force will also reach out to private sector organizations to gain more intelligence on ransomware threats and trends. Links between ransomware operations and state-sponsored threat actors will also be examined.
Furthermore, the federal government intends to pour more resources into training.
In light of the SolarWinds breach and Microsoft Exchange Server disaster, President Biden’s administration appears to be taking cybersecurity seriously. Earlier this week, the White House revealed a 100-day plan to tackle threats to the US electricity grid.
Acting Deputy Attorney General John Carlin said 2020 was the “worst year” to date when it comes to ransomware and extortion attempts.
“If we don’t break the back of this cycle, a problem that’s already bad is going to get worse,” Carlin told the Wall Street Journal.