Justice Department orders prosecutors to more closely track ransomware, share case information

The goal is to have a clearer view of extortion attempts occurring in every state, and any progress that’s being made in tracking down the perpetrators.
Justice Department DOJ seal
(Photo by Ramin Talaie/Getty Images)

The Justice Department has required federal prosecutors across the U.S. to more closely track ransomware cases and notify department officials of key developments in the prosecution of hackers.

It’s a move that, in the wake of ransomware attacks on key U.S. distributors of fuel and meat, elevates the fight against ransomware as a top priority for the government’s law enforcement division. The goal is to have a clearer view of extortion attempts occurring in every state, and any progress that’s being made in tracking down the perpetrators.

A memo that Deputy Attorney General Lisa Monaco sent to U.S. Attorneys offices on Thursday requires the offices to notify senior department officials in Washington whenever they learn of a new ransomware attack in their district. Such “urgent reports,” for example, should cover ransomware incidents affecting critical infrastructure or a municipal government — something that happens regularly.

“To ensure we can make necessary connections across national and global cases and investigations … we must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups and the infrastructure and networks that allow the threats to persist,” Monaco wrote in the memo, which Reuters first reported.


The memo also requires federal prosecutors to notify senior Justice Department officials whenever they open a new case involving ransomware, or when there is a significant development in those cases, such as a plea deal.

The new Justice Department policy comes as U.S. officials investigate a pair of ransomware hacks that the FBI has blamed on Russian-speaking hackers. The breach of IT systems at Colonial Pipeline in early May shut down the main artery for delivering fuel to the East Coast for days and led Americans to horde gasoline. Earlier this week, hackers disrupted plant operations for JBS, the world’s largest meat supplier.

The White House says that President Joe Biden plans to raise the issue of cybercriminals operating from Russian soil with President Vladimir Putin at a bilateral meeting this month.

Amid a spate of hacks, the Justice Department is conducting a four-month review of its policies to counter malicious cyber activity, and has set up a task force to consider new ways of thwarting ransomware gangs.

The full Justice Department memo is available online.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts