US Sets Up Multiagency Initiatives to Curb RansomwareFBI, CISA Will Focus on Threat Awareness and DOJ Will Focus on Illicit Crypto Use
The U.S. is setting up a Joint Ransomware Task Force, headed by the Cybersecurity and Infrastructure Security Agency and the FBI, as well as two international initiatives, chaired by the Department of Justice, to tackle illegal cryptocurrency activities related to ransomware.
See Also: 2022 Unit 42 Incident Response Report
The announcement was made at the Institute for Security and Technology event celebrating the one-year anniversary of the Ransomware Task Force. The task force comprises industry, government and civil society members to counter the ransomware threat. It was set up by the Department of Justice in March 2021.
The Joint Ransomware Task Force was set up under the guidance of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, an omnibus spending bill passed last month. The bill required CISA to launch a program that would coordinate federal efforts to warn organizations of vulnerabilities that ransomware actors could likely exploit.
Cool News! @CISAgov is kicking off the Joint Ransomware Task Force as est. in CIRCIA, to be co-led by CISA & @FBI. Psyched to announce this during my chat w/@marcwrogers @IST_org’s event today! Big thanks to IST #RansomwareTaskForce for your leadership & partnership. Let's do this! pic.twitter.com/7f0nkOvYhM— Jen Easterly Shields Up! (@CISAJen) May 20, 2022
CISA Director Jen Easterly, at the Friday event, said: "Given what's in that legislation and what the Task Force is envisioned to do - there's a lot of disruption of ransomware actors infrastructure, finances - I thought it was really important that the FBI co-chairs."
The group, she said, will hold its first official meeting in the next few months. "It's very likely that industry is going to see a cyberattack on the homeland before we see it… We have to be in the same room. We have to trust each other."
Supplementing Ransomware Crackdown
Deputy Attorney General Lisa Monaco, at the same event, announced the launch of two key initiatives aimed at disrupting ransomware activities and the confiscation of funds routed through the blockchain.
"This initiative will allow for more joint international law enforcement operations, more eyes from multiple law enforcement agencies around the world to follow the money through the blockchain,” Monaco said. "It will also foster, we hope, responsible regulation and anti-money laundering requirements to root out the abuse of these technologies."
The department will also deploy overseas prosecutors to build capacity to fight cybercrime in partnership with the U.S. Department of State. A global law enforcement network of prosecutors, she said, will assist their foreign counterparts in addressing cybercrime and issues involving electronic evidence.
The new cyber operations international liaison would work with "U.S. prosecutors and European allies… to up the tempo of international operations against top-tier cyber actors, including arrests, extraditions, asset seizures and working together to dismantle infrastructure,” Monaco said.
Other Key Changes
Recently, the Department of Justice revised its policy on who it charges with violations under the Computer Fraud and Abuse Act. The DOJ now specifies that good-faith security research and researchers cannot be charged under the CFAA because they help improve cybersecurity standards.
"Computer security research is a key driver of improved cybersecurity,” said Monaco at the Friday event. "The department has never been interested in prosecuting good-faith computer security research as a crime, and today's announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good."
The DOJ said that the CFAA enforcement aims to "promote privacy and cybersecurity by upholding the legal right of individuals, network owners, operators and other persons to ensure the confidentiality, integrity and availability of information stored in their information systems."