The US Department of Justice has distributed guidance to US attorney’s offices across the nation stipulating that ransomware investigations must now be centrally coordinated with a task force in Washington DC. The new approach elevates ransomware attacks to the same threat level as terrorist attacks.
The latest ransomware attacks in the US struck a major fuel firm, a meatpacking group, and multiple East Coast transit authorities.
In a letter to federal prosecutors, Deputy Attorney General Lisa Monaco stated that “…the Department must make sure that its efforts in combatting digital extortion are focused, coordinated and appropriately resourced”.
By issuing formal ransomware reporting guidelines, the DOJ will be better able to “develop a comprehensive picture of the national and economic security threats we face”. The initiative demonstrates the pervasiveness of ransomware and how serious the US is when it comes to addressing the threat.
“We’ve used this model around terrorism before, but never with ransomware,” says John Carlin, Principal Associate Deputy Attorney General with the US Justice Department.
The ransomware guidance in-depth
The guidance primarily focuses on ransomware. However, it also asks investigators in US attorney’s offices to make note of other investigations within the cyber crime sphere. Types of investigations that now merit central notification include those related to:
- Counter anti-virus services
- Illicit online forums or marketplaces
- Cryptocurrency exchanges
- Bulletproof hosting services
- Online money laundering services
“We really want to make sure prosecutors and criminal investigators report and are tracking…cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes,” stated Carlin.
Former US attorney and cyber crime expert, Mark Califano, noted that the “heightened reporting could allow DOJ to more effectively deploy resources”. It may also function as a means of zeroing in on common exploits leveraged by cyber criminals.
The cryptocurrency component
Colonial Pipeline’s payment of a $4.4 million ransom to hackers provoked a discussion regarding the legitimacy of paying hackers for network and device decryption keys. A few scattered ransomware incidents involving small amounts of money might have been overlooked, but a large volume of global enterprises paying millions to hackers? That has drawn attention.
In 2020, US targets cumulatively reported nearly 2,500 ransomware attack events. This represents a 66% increase over statistics from 2019.
Is banning cryptocurrency payments (untraceable digital payments) the right answer? Experts hold mixed views. According to a 2021 report from Chainalysis, the volume of transactions over blockchain that are also linked to criminal activity has dipped to less than 0.5%.
The latest ransomware attacks and security
FBI Director Christopher Wray has compared the recent cyber attacks on Colonial Pipeline and JBS to the September 11th terrorist attacks. According to Wray, the agency is looking into roughly 100 different strains of recently deployed ransomware.
Unless swift action is taken, “this list of ransomware attacks, it will get longer”, reports CBS News.
Yesterday, the White House issued an alert to American companies, informing them that ransomware presents an imminent threat. “No company is safe,” stated a signed letter. Leaders are encouraged to connect with their teams and to ensure that appropriate cyber security architecture is in place.
For more on this story and on the latest ransomware attacks, visit Reuters.