In recent years, the United States has seen a rapid increase in major incidents of cybercrime directed at individual citizens, businesses, and government entities. One of the many forms of cybercrimes levied against these groups has been ransomware attacks. Ransomware attacks consist of a criminal or group of criminals eliminating access to a victim’s files or systems. This is usually achieved by using malware to encrypt the digital assets. The group then holds the files or system hostage until the victim pays the ransom. This is often coupled with the threat that, if the ransom is not paid, files will be destroyed or released to the public. In 2018, the City of Atlanta suffered a ransomware attack in which the attackers demanded payment of $51,000 in Bitcoin. The city refused to pay the ransom, suffered the destruction of years of files, and incurred millions of dollars in expenses to address cyber security issues. Most recently, Colonial Pipeline suffered a ransomware attack that left the pipeline shut down, resulting in gas shortages throughout the southeastern U.S. Colonial eventually paid a ransom of $4.4 million to have access restored. Colonial Pipeline is one of the most high-profile and expensive ransomware attacks in history. Following this attack, many called for renewed efforts to combat cybercriminals throughout the world.
On June 3, Deputy Attorney General Lisa Monaco issued new “Guidance Regarding Investigations and Cases Related to Ransomware and Digital Extortion.” The guidance was issued to ensure coordination between the many divisions within the Department of Justice (DOJ) and emphasized the need to utilize all of the assets available to DOJ to combat ransomware and digital extortion. The guidance creates new notice requirements for U.S. Attorney’s Offices (USAOs). USAOs are required to inform the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and the National Security & Cyber Crime Coordinator for the Executive Office for United States Attorneys (EOUSA) of the opening of, or any new developments in, cases involving ransomware, digital extortion, or illicit infrastructure used to facilitate those acts. USAOs are also required to notify CCIPS and EOUSA whenever they become aware of any new ransomware attack or instance of digital extortion.
The guidance provides further requirements regarding coordination with CCIPS and clarifies that CCIPS is responsible for cases across the DOJ that involve ransomware, digital extortion, or illicit infrastructure. CCIPS will track developments in cases and coordinate with USAOs conducting investigations. The guidance reiterates the mandate that USAOs consult with CCIPS with respect to charging decisions under the Computer Fraud and Abuse Act. USAOs are also required to coordinate public statements regarding these cases with CCIPS. The guidance demonstrates an increased focus on cybercrime within the DOJ, and the effort to coordinate investigations and prosecutions with an office that specializes in cybercrimes is likely to result in investigations that are simultaneously more efficient and more thorough.
The attorneys at Chilivis Grubman represent clients of all types and sizes in connection with criminal and civil investigation conducted by the U.S. Department of Justice. If you need assistance with such a matter, please contact us today.