Heimdal Security Blog

Ransomware Attacks to Be Treated with Similar Priority as Terrorism, DOJ Announces

In the wake of the Colonial Pipeline hack and mounting damage caused by threat actors, the U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism.

Last month, Colonial Pipeline, the largest fuel pipeline operator in the U.S., was forced to shut down after being hit by ransomware, a clear demonstration of how vulnerable energy infrastructure is to this type of cyberattack.

The Federal Bureau of Investigation confirmed that the DarkSide ransomware gang is behind the massive breach, as new information surfaced about the group.

According to Reuters, memos had been sent out to all US Attorney’s Offices explaining that ransomware attacks would be investigated in a manner similar to incidents of terrorism.

Technology journalist Kim Zetter posted on Twitter a snippet of a memo sent by Deputy Attorney General Lisa Monaco. The memo says that urgent reports should be filed every time a US Attorney’s Office learns about a ransomware attack.

According to U.S. officials, the DOJ’s decision to push ransomware into this special process shows exactly how the issue is being prioritized.

“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.”

This decision means that investigators in U.S. attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.

Additionally, the guidance asks the offices to look at and include other investigations focused on the larger cybercrime ecosystem.

John Carlin, principal associate deputy attorney general at the Justice Department, said:

“We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.”

The DOJ’s decision to create a centrally coordinated response will provide authorities with more evidence and data while also helping with the identification and targeting of the entire chain of attack.