The U.S. Department of Justice is reportedly launching a ransomware task force that will increase training, dedicate more resources to the issue, improve intelligence sharing and identify links between criminal actors and nation states.
The Wall Street Journal was the first to report the news on Wednesday. The paper said it obtained an internal DOJ memo outlining the goals of the task force, and it quoted Acting Deputy Attorney General John Carlin, who called 2020 the worst year for ransomware.
“And if we don’t break the back of this cycle, a problem that’s already bad is going to get worse,” Carlin told the WSJ.
Cybercriminals were emboldened in 2020 as organizations had to deal with an expanded attack surface, with employees working from everywhere but the office and depending even more on technology to do their jobs. Ransomware was especially prevalent, with one Bitdefender report from last year suggesting that ransomware attacks increased by over 700%.
The average ransom demand is also increasing, with the average paid ransom jumping to more than $312,000, an increase of more than 171%, according to Palo Alto Networks.
According to the WSJ, the DOJ memo calls for targeting the “entire criminal ecosystem around ransomware,” including prosecuting and disrupting ongoing attacks. One such option would be targeting online forums that advertise ransomware services.
Mr. Carlin said the task force also will strive to find more “innovative uses of legal authorities…to protect victims before they are victimized.” Last week, the Justice Department revealed that the FBI had entered computer networks still vulnerable from a recent Microsoft Exchange Server attack that researchers have linked to China to remove malicious code. Mr. Carlin said that maneuver was motivated by concerns that criminal groups could hit those networks with ransomware.
Estimates on annual damages of ransomware attacks vary widely, but security companies generally agree the average size of ransoms has ballooned in recent years and that the overall toll on the economy is in the billions of dollars.
Mr. Carlin, who before returning to the Justice Department focused on cybersecurity as a partner at the Morrison & Foerster law firm, said he has personally seen ransomware payments of over $20 million.
“It wasn’t a hard calculation for the company because they could say it would easily be hundreds of millions in damages for them if they didn’t pay,” Mr. Carlin said. “In almost every case where they paid, they knew the amount of damage was 10, 20 times what they were paying.”
Faced with the threat of having to pay millions simply to regain access to their data and get back to work, organizations are forced to invest heavily in prevention and backups. However, all it takes is one employee opening an email attachment to compromise the entire organization.
Attacking ransomware operators at the source will take some of that burden off of IT departments and cybersecurity professionals already stretched thin.