The U.S. Department of Justice (DOJ) recently announced new efforts to combat constantly evolving cyber threats including the “explosion of ransomware and the abuse of cryptocurrency” and issued a warning to companies, advising them to heighten their defenses against cybercriminals and ransomware.

During the keynote speech at the Munich Cyber Security Conference, on February 17, 2022, DOJ Deputy Attorney General Lisa Monaco, noted that “cybersecurity is global security” and that we are facing an “unprecedented threat” as she announced the formation of a new FBI Unit and a new initiative focused on abuses of cryptocurrencies and related cybercrimes.  As part of the federal government’s broad effort to disrupt ransomware operators and other cybercrime groups, the FBI’s Virtual Asset Exploitation Unit (VAXU), will investigate abuses of cryptocurrencies.  The DOJ’s International Virtual Currency Initiative will work with law enforcement, prosecutors, and cryptocurrency platforms to trace ransom payments, develop regulations and anti-money laundering legislation, and facilitate joint global law enforcement collaboration.

The creation of the VAXU and the new initiative reflect the U.S. Government’s increased focus on the nexus between cryptocurrency and illegal activity including ransomware groups. In October, the Justice Department announced the formation of the National Cryptocurrency Enforcement Team (NCET).  At the time, Monaco described NCET as an FBI unit that, “will combine cryptocurrency experts into one nerve center that can provide equipment blockchain analysis, virtual asset seizure and training to the rest of the FBI."

Monaco highlighted the DOJ’s recent seizure of $3.6 billion in Bitcoin allegedly stolen during the hack of the Bitfinex crypto exchange several years ago as evidence that the DOJs efforts are bearing fruit.  Monaco noted, “[g]iven what we did last week, we are sending the clear message that cryptocurrencies should not be considered a safe haven.”  Monaco went on to note that, “[r]ansomware, like many other crimes fueled by cryptocurrency, only work if the bad guys get paid. Which means we have to bust their business model.”  Monaco went on to note that, “[w]e call on all companies dealing with cryptocurrency, we need you to root out all abuses. To those who don’t, we will hold you accountable where we can.”

Monaco also urged companies that are victims of cyberattacks to report the attack to the DOJ so they could assist and prevent future attacks.  She stressed that the DOJ is working with international partners and will be naming a new cyber operations international liaison who will work with law enforcement agencies in Europe and elsewhere on joint investigations.

As the Russia – Ukraine Situation Continues to Escalate, Keep Your Cyber “Shields Up”

In response to a question about current cyber threats, and any potential spillover from the situation between Russia and Ukraine, Monaco noted:

"Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak -- to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity. . . . They need to be as we say, 'shields up' and to be really on the most heightened level of alert that they can be and taking all necessary precautions."

Other U.S. Government Agencies Also Advise Heightened Scrutiny

As the Olympics wind down it is especially important for organizations to keep their cyber security systems up to date.  Historically, the relationship between Olympic host China and Russia is a complex one, but the strong relationship between the leaders of the two countries is undeniable. China’s President, Xi Jinping, referred to Russia’s President, Vladimir Putin, as his “best friend” and a in the communiqué, released after the two leaders met on the eve of the Beijing Winter Olympics, declared that, “[f]riendship between the two States has no limits.” Xi went as far as to say that “[t]here are no ‘forbidden’ areas of cooperation.”  With Russia massing troops on Ukraine, several U.S. governmental agencies warned earlier this week of cyberattacks happening at the same time as a potential Russian invasion.

As reported by ABC News and several other news agencies, on a call with state and local officials earlier this week, top cybersecurity officials from the Department of Homeland Security and FBI warned of potential attacks on U.S. cyber infrastructure in concert with a physical invasion of Ukraine. Additionally, in late January, DHS explicitly warned of Russian cyber-attack if it perceived a U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security.

Although it is always imperative for organizations to be prepared for a potential cyberattack, given the geo-political climate, it is especially important that organizations redouble their efforts and make sure that their information systems defenses are up to date and that all employees are on alert for potential criminal elements attempting to infiltrate information systems. Organizations should remind all their employees from the C-Suite to the Ground Level about the pervasiveness and destructive power of cyberattacks.  This can be accomplished in a variety of ways depending on the size and complexity of your organization, but the message at all organizations should be: “this can happen here; take precautions, prepare for an attack, and stay vigilant.”