The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Rising ransomware attacks have the Justice Department's attention

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Placeholder while article actions load

Welcome to The Cybersecurity 202 and TGIF! 

Below: the White House's 30-country cybersecurity summit ended with a joint statement and Missouri's governor is targeting a newspaper for reporting on a government website hack.

The Justice Department has partly centralized ransomware investigations, but experts want more consolidation

For months, waves of devastating ransomware hacks have hammered U.S. businesses, organizations and local governments. 

It's time for the Justice Department to centralize its investigations of ransomware attacks and double-down on those investigations, former federal prosecutors say.


The Justice Department has taken some steps to centralize its ransomware investigations. But further consolidation within the agency would represent a major shift for federal law enforcement, which investigates ransomware groups out of the dozens of federal prosecutors’ offices around the country.

Having teams of prosecutors proactively going after the groups in a more centralized form could allow the Justice Department to more effectively investigate and prosecute the criminals behind the more than 100 types of ransomware that the FBI is tracking, the ex-prosecutors say.

Here's why: The current system isn’t designed to go after transnational criminal groups who don’t care about where in the U.S. their victims live, some former officials said.

In other words, the geographically expansive nature of cyber crime — criminals and their victims could be anywhere physically — has changed the name of the prosecution game.

“It does need to change because it’s a 20th-century model,” said Ed McAndrew, a former federal cybercrime prosecutor who is a partner at DLA Piper.

“You can't just look at it from a victim perspective and say, 'Well, we've got a victim in Kansas and a victim in California and a victim in New York; so therefore, we have three cases,’ ” McAndrew said. “There have to be, of course, at the local level, three investigations into those different victims' circumstances and the crimes against them. But there also has to be a larger coordination of the investigation, the threat actor group and the criminal ecosystem.” 

“I think that's what we're moving toward now, but it's still slow and we're way behind,” McAndrew added. “As has been true since the beginning of cybercrime investigations, we're still struggling to catch up with the criminals.”

The Justice Department should consider creating a “cyber strike force” with an annual budget of $5 million, enough to pay 10 prosecutors and 20 agents dedicated to those types of proactive investigations, Kellen Dwyer, a former deputy assistant attorney general in the Trump administration who is a partner at Alston & Bird, wrote on a law blog this summer. A Justice Department spokesperson declined to comment on the proposal.

More bodies

Experts are also urging the Justice Department to boost the number of prosecutors going after ransomware hackers.

The Justice Department should “follow the playbook that it used against organized crime in the 1960s and terrorists after 9/11” by surging the number of prosecutors and agents doing long-term, proactive investigations into ransomware groups, Dwyer wrote. 

Increasing the number of cyber prosecutors at the Justice Department “would be just a really easy investment to make where you're going to get a lot of return on your investment,” Dwyer told me.

Actions so far

The Justice Department has made some changes in recent months to go after ransomware head-on. 

In April, it created a Ransomware and Digital Extortion Task Force to centralize some aspects of how it responds to ransomware hacks. According to a memo obtained by The Cybersecurity 202, the task force aimed to:

  • Boost training and other resources for combating ransomware
  • Focus on intelligence-sharing
  • Leverage law enforcement leads and better coordinate with prosecutors

The task force is also an attempt to target the whole ransomware ecosystem and strengthen partnerships with industry, government and international allies to combat the threat, according to the memo.

In June, Deputy Attorney General Lisa Monaco further centralized the Justice Department's handling of ransomware cases. Monaco told prosecutors to let the Justice Department know about new investigations or developments and urgently notify them of major attacks, in a bid to “enhance and centralize our internal tracking.”

Last week, the Justice Department launched a National Cryptocurrency Enforcement Team the department said was designed to “deter, disrupt, investigate, and prosecute criminal misuse of cryptocurrency, as well as to recover the illicit proceeds of those crimes whenever possible.” It came just weeks after the Treasury Department sanctioned Suex, a cryptocurrency exchange it said “facilitated transactions involving illicit proceeds from at least eight ransomware variants.”

The Justice Department's cryptocurrency team, which Dwyer and McAndrew praised, will be made up of prosecutors detailed from offices across the country. 

  • “But, ideally, the group will also hire and train new cyber prosecutors so we are not just robbing Peter to pay Paul,” Dwyer said.
  • He also praised other Justice Department’s moves on ransomware but said it’s not enough. “You certainly have great people in there and people who are making it a priority and recognize the threat,” Dwyer said. “I think that there is more to be done.”

The keys

The Biden administration concluded a 30-country ransomware summit

The 30 countries that attended the two-day virtual summit this week recognized ransomware as a global security threat for the first time and agreed to work together to tackle it, Ellen Nakashima writes. The meeting ended with a joint statement laying out cooperation across areas like illicit finance, disruption of criminal networks, diplomacy and strengthening cybersecurity.

Cyber policy experts praised the initiative. “It’s a very strong statement of political will, first and foremost,” said Christopher Painter, a top State Department cyber official in the Obama administration. “It sends a signal that this is a priority and will continue to be a priority.”

Russia, which was not invited to the meeting, was not named in the statement. 

  • The countries raised the issue of safe harbors – an indirect reference to Russia and other countries that sometimes turn a blind eye to cyber criminals within their borders. 
  • “We will leverage diplomacy through coordination of action in response to states whenever they do not address the activities of cyber criminals,” the statement said.

Missouri’s governor targeted a newspaper for revealing a vulnerability on a government website

Missouri Gov. Mike Parson (R) referred the St. Louis Post-Dispatch and its reporters for criminal prosecution after they wrote about a security vulnerability on a government website that exposed as many as 100,000 teachers’ Social Security Numbers, the Kansas City Star’s Jonathan Shorman and Jeanne Kuang report. Parson also argued that it was “clearly a hack,” although the information was publicly accessible.

The Post Dispatch says it notified the state’s Department of Elementary and Secondary Education (DESE) of the vulnerability and waited to publish its story on the vulnerability until the issue had been fixed.

“The reporter did the responsible thing by reporting his findings to DESE so that the state could act to prevent disclosure and misuse,” Post-Dispatch attorney Joseph Martineau told the outlet.

The U.S. government should revamp its election security efforts, a former top election official said

Matt Masterson, who led the CISA’s election security efforts from 2018 to 2020, delivered a dire warning about the state of democracy and called for the U.S. Election Assistance Commission to be drastically reorganized in a Stanford Internet Observatory report, CyberScoop’s Tim Starks reports. The EAC is an independent government agency that issues voluntary guidelines for voting machines. Masterson was an EAC commissioner before he joined CISA.

“It is time to recognize the EAC for what it is: a poorly structured agency that has little ability to do more than the bare minimum to fulfill its mission,” according to the report. The report argues that the commission would be more effectively led by its executive director as opposed to its commissioners.

EAC Chairman Don Palmer blasted the recommendation in a statement to CyberScoop. The recommendation “can’t in good faith be viewed as an impartial recommendation from a respected academic institution,” Palmer said, later arguing that “personal animus over the dysfunction he participated in should not interfere with the importance of the good election work the Commission is currently doing.”

Privacy patch

Systems that scan devices for illegal content pose security risks, critics say

More than a dozen cybersecurity experts argue in a new paper that such a system “by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.” Apple made the highest-profile proposal for such a system this year when it announced plans to scan Apple devices for images shared by child predators and pedophiles. The proposal came under fire by security researchers and privacy activists, who argued that the system would open a back door into iPhones. Apple has delayed the rollout of the feature.

Britney Spears was spied on through iCloud. Other women recount similar horrors. (Motherboard)

U.S. pursues a unique solution to fight hackers. It revolves around esports. (Noah Smith)

Cyber insecurity

US govt reveals three more ransomware attacks on water treatment plants this year (The Record)

A malware botnet has made more than $24.7 million since 2019 (The Record)

‘Urgent Pizza’: The untold story of the largest hack in Twitch’s history (Motherboard)

“Hacker X”—the American who built a pro-Trump fake news empire—unmasks himself (Ars Technica)

Encryption wars

You can now encrypt your WhatsApp backups stored in cloud (TechCrunch)


  • CISA Executive Assistant Director for Cybersecurity Eric Goldstein speaks at an American University Washington College of Law event today at 10:30 a.m.

Secure log off

Thanks for reading. Have a fantastic weekend!