US Deputy Attorney General Lisa Monaco unveiled two new Justice Department enforcement initiatives aimed at targeting cryptocurrencies and government contractors who fail to report cyber breaches.
During a virtual speech at the Aspen Cyber Summit Monaco announced the launch of the National Cryptocurrency Enforcement Team, whose goal will be to “strengthen” the Justice Department’s ability to disable financial markets that allow cybercriminals to “flourish.”
The group will include a mix of anti-money laundering and cybersecurity experts.
“Cryptocurrency exchanges want to be the banks of the future, well we need to make sure that folks can have confidence when they’re using these systems and we need to be poised to root out abuse,” Monaco said. “The point is to protect consumers.”
Cybercriminals that attack US companies with ransomware, a type of malware that encrypts systems and demands payment, are typically paid in cryptocurrency. The hackers often use a mix of different cryptocurrency services to accept and transfer these payments, helping hide them from law enforcement.
Monaco also announced the creation of a civil cyber fraud initiative, which will “use civil enforcement tools to pursue companies, those who are government contractors, who receive federal funds, when they fail to follow recommended cybersecurity standards.”
“For too long, companies have chosen silence under the mistaken belief that its less risky to hide a breach than to bring it forward and report it. That changes today,” Monaco said.
The announcements come after several high profile cyberattacks earlier this year against international companies and government agencies.
Indeed, the attack on US energy specialist Colonial Pipeline earlier this year is perhaps the most significant in a series of similar cyber-attacks from sophisticated criminals, with other targets including meat producer JBS; Toshiba; Axa Insurance; CNA Insurance; and the Irish Health Service.
In the case of Colonial Pipeline significant disruption was suffered by the US East coast energy infrastructure network, and Colonial ended up paying a $4.4 million ransom – though reports have suggested that with the help of US federal agencies $2.3 million of the cryptocurrency demand was subsequently recouped.