Cybersecurity

To fight ransomware, DOJ wants companies to talk more

Cyberattack, financial services

Better communication between law enforcement and companies could put a dent in ransomware attacks that have been the scourge of corporate America in recent months, according to a top Justice Department official.

"As long as people are handling that on their own and making payments, we're funding the development of more of these tools and more of these actors," John Carlin, assistant attorney general for national security, said June 28 at the Center for Strategic and International Studies.

Ransomware is a form of malware that often encrypts a computer user's data until hackers are paid off, usually via crypto-currency. The FBI discourages ransomware victims from paying off hackers, but with their proprietary data on the line, companies often cave. Hackers exacted $209 million in ransomware payments in the first three months of 2016, according to the FBI.

A spate of recent ransomware attacks on U.S. hospitals have alarmed policymakers, drawing attention to what is increasingly seen as a serious threat to U.S. companies and infrastructure. And federal agencies are far from immune. There have been 321 incident reports of "ransomware-related activity" affecting 29 different federal networks since June 2015, the Department of Homeland Security said in a report publicized in March.

Carlin used the recent case of an Islamic State-linked hacker named Ardit Ferizi to preach the virtues of closer government-industry cooperation in tackling cyber crime.

Earlier this month, Ferizi pleaded guilty to providing material support for the Islamic State. The Kosovar is accused of breaking into the database of an unnamed company that contained the personal information of U.S. federal employees. Ferizi then allegedly passed that information to an IS terrorist who posted it to social media with an exhortation for IS sympathizers to kill the named Americans.

Ferizi allegedly asked the victim company for about $500 in Bitcoin to relinquish access to the company's server. Carlin praised the company for working with law enforcement rather than keeping the matter to itself. No U.S. company that knew a hacker had ties to the Islamic State would choose to handle such an extortion scheme on their own, he added.

The problem for Carlin and the Justice Department, however, is that the Ferizi case is not the norm. "All across the country today, there are companies [that] do not" work with the U.S. government when they are being extorted via ransomware or some other method, Carlin told reporters. "The more common practice would be just to pay off" the hackers, he said.

Carlin worried about what he called a "blended threat" of criminal hackers like Ferizi teaming up with terror groups or nation-states.

"As the cost of getting caught increases, you're going to see nation-states trying to use proxy groups to commit their activity, and part of that might be trying to take advantage of criminal groups," Carlin said. 

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.