Ransomware attack investigations will be treated with the same level of urgency as terrorism incidences in America, according to a senior official in the United States Department of Justice (DOJ) following the Colonial Pipeline attack and a number of other recent high-profile, destructive cyber-attacks.
The Colonial Pipeline attack is cited as a prime example of the “growing threat that ransomware and digital extortion pose to the nation.”
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” stated the associate deputy attorney general at the Justice Department, John Carlin.
The process Carlin is describing is usually used in cases of national security, which has previously been used with terrorism but never before with ransomware.
Carlin states: “We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.”
Investigators in U.S. attorney’s offices handling ransomware attacks will now be expected to share both updated case details and active technical information with leaders in Washington. The guidance also asks the offices to look at and include other investigations focused on the larger cybercrime ecosystem.