The U.S. Department of Justice plans to equate investigations into ransomware attacks with investigations into terrorism in the wake of the Colonial Pipeline hack.
Colonial Pipeline before, and recently the JBS attack, demonstrated that allegedly financially motivated ransomware attack could have a dramatic impact on the targeted organizations and on the related sectors.
The US authorities created a special task force to coordinate investigation into ransomware attacks in the country.
“Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.” reported Reuters.
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principle associate deputy attorney general at the Justice Department.
The DOJ guidance refers to Colonial as a case study, it demonstrates the “growing threat that ransomware and digital extortion pose to the nation.” Ransomware attacks represent a threat to national security and the economy, for this reason, it is important to step up the effort to increase the resilience of the critical infrastructure and dismantle ransomware gang operations.
“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” said the guidance seen by Reuters.
This is the first time that a model for the investigation into terrorism is proposed for the analysis of ransomware attacks, a move that is the response of the US DoJ to the increasing threat to national security.
The guidance also asks the U.S. Attorney’s offices to take care of other investigations focused on the overall cybercrime ecosystem, specifically, it requires centralized coordination for cases involving counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets, and online money laundering services.
“We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes,” said John Carlin, principle associate deputy attorney general at the Justice Department..
(SecurityAffairs – hacking, ransomware)