U.S. finally flexes ransomware muscle