US to Treat Ransomware Like Terrorism
A senior official at the United States Department of Justice (DOJ) has said that ransomware attacks in America are to be investigated with a similar urgency as incidences of terrorism.
The official told news agency Reuters that cyber-assaults using this particular type of malware are to be prioritized more highly now following a passel of ransomware attacks against entities in the US and elsewhere.
Ransomware victims in recent weeks have included the Colonial Pipeline, meat supplier JBS, the Steamship Authority of Massachusetts, and Fujifilm.
Reuters reports that internal DOJ guidance on ransomware was received by US attorney’s offices across the country on Thursday. Recipients were told that information regarding ransomware investigations in the field must be shared with a recently created task force based in Washington.
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said principal associate deputy attorney general at the Justice Department, John Carlin.
The Colonial attack is cited in the guidance as a prime example of the “growing threat that ransomware and digital extortion pose to the nation.”
It reportedly reads: “To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking."
The specialized process described by Carlin is typically used in cases of national security. Central notification will now be compulsory for investigations into counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services.
“We’ve used this model around terrorism before but never with ransomware,” said Carlin.
He added: “We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.”
FBI director Christopher Wray said that the agency is investigating around 100 kinds of ransomware, many of which are linked to criminal operators in Russia.
Source: Infosecurity Magazine