In recent years, the U.S. Department of Justice has been ramping up its efforts to combat ransomware attacks. However, a recent report from the Office of the Inspector General (OIG) shed light on the apparent shortcomings of the department’s Ransomware and Digital Extortion Task Force (RTS), which was established in 2021 in response to the escalating threat of ransomware.
The OIG’s report revealed that while the DOJ’s task force was created with the intention of directing the department’s resources towards addressing the ransomware threat, it ultimately fell short of its objectives. The OIG found that the RTS only convened two meetings, failed to maintain regular communication to ensure the implementation of its strategic goals, and did not keep records of decisions made during these meetings.
Furthermore, the report indicated that the RTS is now essentially defunct, as evidenced by the lack of meetings being held. Despite the efforts of the task force, ransomware attacks have continued to rise, with numerous companies noting record-high levels of activity throughout 2023 and into 2024.
Despite the shortcomings of the task force, the OIG recognized the contributions of the FBI and the DOJ’s Criminal Division’s Computer Crime and Intellectual Property Section in leading the department’s efforts against ransomware. The report highlighted successful disruptions of prominent ransomware gangs such as LockBit, Hive, and Alphv/BlackCat, as well as takedowns of associated malware and botnets.
One notable example of these efforts was “Operation Cronos,” an international law enforcement operation that successfully disrupted the LockBit ransomware gang in February. Just this week, authorities announced the arrests of four alleged LockBit members as part of the continued crackdown on ransomware groups.
However, despite these enforcement actions, new ransomware groups continue to emerge, and dismantled gangs often resurface under different names. Furthermore, industry experts like Jamie Levy of Huntress emphasized that while government takedowns can temporarily disrupt ransomware activities, more sustainable solutions are needed to truly combat these cyber threats.
The report from the OIG also called for clearer metrics to track the effectiveness of the DOJ’s actions against ransomware. Experts like Jason Baker emphasized the importance of visibility and information sharing in combating ransomware, highlighting the need for better reporting requirements to gauge the true impact of attacks on organizations.
Overall, while the efforts of the DOJ and the FBI in combating ransomware have seen some high-profile successes, there is still room for improvement in terms of coordination, communication, and measuring the effectiveness of these actions. As ransomware attacks continue to pose a significant threat to organizations, the need for a more strategic and coordinated approach to combating these threats becomes increasingly apparent.