DOJ touts work with Kaseya, urges more ransomware victims to contact CISA, FBI
A senior Justice Department official urged more ransomware victims to come forward and approach law enforcement agencies for assistance, touting the work done with software provider Kaseya last year.
Speaking at the Aspen Cyber Summit on Wednesday, Eun Young Choi, Director of the DOJ’s National Cryptocurrency Enforcement Team, said her office is tracking more than 100 ransomware variants and is increasingly having success in helping victims.
She noted that part of the ransom paid by Colonial Pipeline after last year’s ransomware attack was clawed back through the blockchain only a month after it was handed over.
Choi also noted that anyone on the fence about approaching law enforcement agencies after a ransomware attack should speak with Kaseya, which suffered a devastating attack on the weekend of July 4 last year.
The attack had wide-ranging effects on thousands of organizations but was eventually remediated and led to the rare instance of U.S. officials taking offensive actions against the ransomware group behind the incident.
Choi noted that her office now has more than 150 digital asset coordinators and investigators focused on cryptocurrency-related crimes. She encouraged victims to contact the FBI, CISA, or DOJ if they are ever dealing with a ransomware attack.
Later in the discussion, she highlighted two seizures this year — $3.6 billion in February linked to the 2016 Bitfinex hack and $3.3 billion earlier this month that was originally siphoned from the Silk Road darknet marketplace.
“We’re getting better at this,” Choi said. “We’re applying that not only to ransomware to the broader operations of cybercrime as well.”
Heather Trew of the Treasury Department’s virtual currencies division also appeared on the panel and spoke at length about her office’s efforts to share information with other agencies.
Trew flagged how the Office of Foreign Assets Control (OFAC) has been ramping up sanctions on cybercriminals and nation-state hackers.
“We’d be remiss to not mention sanctions, they’re a critical action,” she said, comparing them to “the financial death penalty to designated persons or in some cases jurisdictions.”
Recorded Future, the parent company of The Record, is a sponsor of the Aspen Cyber Summit.