On June 7, 2021, the U.S. Department of Justice (DOJ) announced that it seized 63.7 bitcoins, valued at approximately $2.3 million, from the proceeds of the ransomware payment of 75 bitcoins made by Colonial Pipeline to the Darkside ransomware group who targeted the pipeline company. The seizure was conducted pursuant to a court-issued warrant as part of DOJ’s recently launched Ransomware and Digital Extortion Task Force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity. A few days earlier, DOJ announced the arrest of a hacker who was part of a transnational cybercrime organization responsible for creating and deploying a ransomware suite of malware known as Trickbot. The recent successes demonstrate the potential benefits of early notification to, and cooperation with, law enforcement for the victims of cyberattacks.
DOJ’s recent seizure and arrest follow a memorandum issued by the White House last week to corporate executives and business leaders urging them to take immediate steps to protect their organizations from ransomware attacks. The White House memorandum, combined with the recent DOJ actions and announcement of new internal coordination rules to treat ransomware cases in a similar manner to terrorism cases, underscores the Biden administration’s urgent focus on ransomware attacks.
The White House memorandum serves as a call to action to private-sector entities to do their part to prepare for and respond to the ransomware threats. It reflects the Biden administration’s broad focus on the private sector – not just critical infrastructure companies like Colonial Pipeline and companies that provide key goods. The memorandum emphasizes the “critical responsibility” that the private sector bears to protect against cyberattacks. Among other things, it emphasizes that the “private sector also has a critical responsibility to protect against these threats” and that “the most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.” The memorandum calls on companies to “immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”
Specifically, the memorandum outlines the following six recommended best practices that companies should undertake:
DOJ’s intensified efforts to combat ransomware and pursue hackers combined with this latest outreach by the Biden administration to the private sector to combat ransomware demonstrates both that the administration recognizes that partnering with companies is critical to deter and disrupt hackers, and also that it views the private sector as having a “distinct and key responsibility” to strengthen the nation’s collective resilience when faced with cyberattacks. We expect to see additional announcements in the coming weeks aimed at incentivizing the private sector to act on that responsibility.