In the wake of the Colonial Pipeline hack and mounting damage caused by threat actors, the U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism.

Last month, Colonial Pipeline, the largest fuel pipeline operator in the U.S., was forced to shut down after being hit by ransomware in a clear demonstration of the vulnerability of energy infrastructure to this type of cyberattacks.

The Federal Bureau of Investigation confirmed that the DarkSide ransomware gang is behind the massive breach, as new information surfaced about the group.

According to Reuters, memos had been sent out to all US Attorney’s Offices explaining that ransomware attacks would be investigated in a manner similar to incidents of terrorism.

Technology journalist Kim Zetter took to Twitter a snippet of a memo sent by Deputy Attorney General Lisa Monaco. The memo says that urgent reports should be filed every time a US Attorney’s Office learns about a ransomware attack.


According to U.S. officials, the DOJ’s decision to push ransomware into this special process shows exactly how the issue is being prioritized.

To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.


This decision means that investigators in U.S. attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.

Additionally, the guidance asks the offices to look at and include other investigations focused on the larger cybercrime ecosystem.

John Carlin, principal associate deputy attorney general at the Justice Department, announced that

We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.


Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

The DOJ’s decision to create a centrally coordinated response will provide authorities with more evidence and data while also helping with the identification and targeting of the entire chain of attack.

Leave a Reply

Your email address will not be published. Required fields are marked *