Ransomware, Threat Management

DOJ merges cyber, cryptocurrency units to go after ransomware attacks

FBI seal

The U.S. Department of Justice is merging its cryptocurrency and computer crimes investigation units, reflecting the vital role digital assets play in ransomware hacks and other online attacks.

"It’s become obvious to everyone in the cybercrime field that cryptocurrency work and cyber prosecutions are intertwined, and will become even more so in the future," Principal Deputy Attorney General Nicole Argentieri said Thursday announcing the move in remarks delivered at the Center for Strategic and International Studies. 

Argentieri said combating ransomware specifically is an "urgent priority" and that federal law enforcement officials will be better equipped to fight cyber threats by putting the National Cryptocurrency Enforcement Team (NCET) under the same roof as the Computer Crime and Intellectual Property Section (CCIPS). 

The move will more than double the number of federal prosecutors authorized to handle cryptocurrency criminal cases.

DOJ launched NCET as a standalone unit in October 2021 to investigate and prosecute criminal misuse of cryptocurrency, including money laundering.

CCIPS was launched a decade ago.

The U.S. government has continued to significantly ramp up its ransomware fight since hackers shut down the Colonial Pipeline in May 2021, including putting CCIPS in charge of coordinating ransomware investigations and prosecutions.

The DOJ in June 2022 seized $2.3 million worth of cryptocurrency paid as Colonial Pipeline ransom to the DarkSide hacking gang.    

The Biden administration's National Cybersecurity Strategy, announced earlier this year, specifically targeted ransomware as a threat to national security and public safety. The administration said cyberattacks cost victims billions of dollars annually.

More sophisticated ransomware attacks and hacks are expected with the rise of generative artificial intelligence.

Argentieri said "ransomware is a threat to all — national security, public safety, and economic prosperity."

The FBI recorded 2,385 ransomware attacks in 2022. Chainalysis reported ransomware victims globally paid $456.8 million in 2022, down from $765.6 million. But experts warned that 2023 may eclipse 2022's record for ransom because hackers are launching an increased number of supply chain attacks to reach more victims and adopting more aggressive extortion methods, including stealing and ransoming data. 

"An urgent priority for the merged CCIPS and NCET is the fight against ransomware," Argentieri said. "The National Cybersecurity Strategy highlights ransomware as not only an important concern, but as a threat to national security."

Argentieri also lauded CCIPS officials who took down two sophisticated malware programs used by the Russian government to collect sensitive data from infected computers worldwide. In May, CCIPS disabled the 20-year-old malware network called Snake that infected hundreds of computers worldwide. In 2022, CCIPS disabled Cyclops Blink malware.  

Argentieri said San Francisco-based federal prosecutor Claudia Quiroz was appointed acting head of NCET to replace Eun Young Choi. 

Argentieri said that CCIPS experts will continue to investigate and prosecute ransomware attacks while NCET investigators track and pursue ransom payments with the aim of "freezing or seizing them before they go to Russia and other ransomware hotspots."

She said the merger makes cryptocurrency cases equal in status to computer crimes.  

The difference the merger will make, she said, is that CCIPS and NCET will work together.

"Every modern prosecutor needs to be able to trace and seize cryptocurrency," she said. "This merger recognizes that."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.