The U.S. Department of Justice (DoJ) will be elevating investigations into ransomware attacks to have the same priority as national security threats, such as terrorism. In guidance issued across the country, the DoJ said it believes this will allow the country to better infiltrate the ransomware networks and bring them down.
The U.S. has seen a worrying rise in ransomware incidents, both in number and severity. The attack on Colonial Pipeline was one of the biggest in recent times, crippling a company that controls nearly half of the gasoline flowing into the East Coast. Colonial Pipeline ended up paying 75 BTC, worth nearly $5 million at the time. In general, ransomware shot up to become a $20 billion business in 2020, with research finding there’s an attack every 11 seconds.
This rise in ransomware is worrying the DoJ, and according to internal guidance seen by Reuters, it believes these cyberattacks deserve the same attention and resources other threats to national security receive.
According to the Reuters report, the DoJ issued the guidance to U.S. attorneys’ offices across the country, alerting them to the rising danger cybercriminals pose and urging a coordinated response and investigation with Washington.
John Carlin, a principal associate deputy attorney general at the DoJ, described the new measures as “a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain.”
The guidance specifically pointed to the Colonial Pipeline case as an example of the growing threat that ransomware poses to the United States.
It stated, “To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.”
Once adopted, the new measure will require U.S. attorneys’ offices handling ransomware attacks to share updated case details and active technical information with higher-ups in Washington. The guidance lists investigations involving counter anti-virus services, illicit online forums, bulletproof hosting services, online money laundering services and botnets among those that must be shared with Washington. Significantly, the list also includes investigations into digital currency services and exchanges.
Carlin commented, “We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.”