The US will deal with ransomware attacks like terrorism

The US Department of Justice will elevate investigations of ransomware attacks to a similar priority level as terrorism investigations.
4 June 2021

US govt to deal with ransomware attacks like terrorism. (Photo by MANDEL NGAN / AFP)

  • The new model for collecting and tracking information from cases around the country is similar to the model used for issues of national security like terrorism
  • Biden Administration is seeking to disrupt ransomware networks

Following a string of escalating ransomware attacks that stopped gasoline and jet fuel from flowing up the East Coast of the United States, closing off beef and pork production from one of the country’s leading food suppliers, the US Department of Justice (DoJ) has decided to coordinate investigations on ransomware attacks with similar protocols it uses for terrorism cases, according to internal guidance sent to the offices of US attorneys.

The guidance indicated that investigations into ransomware should be coordinated with a newly-created task force in Washington given how the recent attacks have propelled ransomware to the top of US President Joe Biden’s national security agenda. According to the Justice Department’s acting deputy attorney general John Carlin, “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain.”

Last month, a cybercriminal group that the US authorities said operates from Russia, penetrated a pipeline operator on the US East Coast, locking its systems and demanding a ransom. The hack caused a shutdown lasting several days, led to a spike in gas prices, panic buying, and localized fuel shortages in the southeast.

Colonial Pipeline decided to pay the hackers who invaded their systems nearly US$5 million to regain access, the company said. Shortly after that incident, Japanese film company Fujifilm appears to be the latest victim in a recent blitz of ransomware attacks. The firm has announced that it’s investigating the “possibility of a ransomware attack,” while noting that it was still working to determine “the extent and the scale” of the incident.

“Fujifilm Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company,” it said in a statement Wednesday. “As part of this investigation, the network is partially shut down and disconnected from external correspondence,” the company further stated, while noting it had suspended “all affected systems in coordination with our various global entities.”

With all the mounting cases of ransomware attacks the Justice Department’s decision to push ransomware into this special process illustrates how the issue is being prioritized, US officials said. The guidance that was seen by Reuters also indicated that “To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.”

In practice, it means that investigators in the US attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington. Concerns on ransomware attacks are expected to be part of Biden’s discussions next week in Europe, during meetings with allies, and in his summit with President Vladimir V. Putin of Russia. The administration accuses Russia of both launching cyberattacks against the US and harboring ransomware hackers.