Audit of the Department of Justice’s Strategy to Combat and Respond to Ransomware Threats and Attacks

Date Issued

Tuesday, September 17, 2024

Submitting OIG

Department of Justice OIG

Other Participating OIGs

Department of Justice OIG

Agencies Reviewed/Investigated

Department of Justice

Components

Federal Bureau of Investigation

Other DOJ Components

Report Number

24-107

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use	Additional Details
1	No	$0	$0	Status as of March 31, 2025
Work with the relevant components to better align metrics across the Department and to determine what metrics for the ransomware threat, including metrics tracking disruption efforts, are most impactful, and which demonstrate the effectiveness of its actions to combat the ransomware threat.
2	No	$0	$0	Status as of March 31, 2025
Assess the U.S. Attorneys' Offices (USAO) implementation of the deconfliction policy, for ransomware cases, to ensure that federal prosecutors have a consistent understanding of the policy and comply with its requirements.