DOJ to Give Ransomware Attacks Same Priority as Terrorism

DOJ to Give Ransomware Attacks Same Priority as Terrorism
A general view of the Department of Justice building in Washington, on April 18, 2019. (Amr Alfiky/Reuters)
Janita Kan

The Justice Department will elevate ransomware investigations to a similar level of priority as terrorism in an effort to defeat cybercriminals posing a threat to the nation.

This comes following several recent cyberattacks that crippled infrastructure and paralyzed crucial industries in the United States. In one of those attacks, a cyber criminal group perpetrated a ransomware hack against the Colonial Pipeline, which halted fuel operations resulting in gas shortages across several states.

The department said they have recently created task force in Washington that will coordinate all ransomware investigations currently handled by U.S. attorney's offices across the nation.

"It's a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain," John Carlin, principle associate deputy attorney general at the department, told Reuters.

Reuters, who reviewed the internal guidance about the new direction, reported that the centralized tracking of the investigations will help the federal authorities to build a "comprehensive picture of the national and economic security threats we face" and draw necessary connections between separate attacks.

The model, the department said, has been used in terrorism cases but never before with ransomware, Carlin said. The guidance also asked U.S. attorneys to also share information about other cybersecurity cases such as ones involving in counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services, the news wire reported.

"We really want to make sure prosecutors and criminal investigators report and are tracking ... cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials—going after the botnets that serve multiple purposes," Carlin said.

The Justice Department did not immediately respond to The Epoch Times' request for comment.

Colonial Pipeline paid $4.4 million to ransomware attackers to regain access, the company said. Company executives acknowledged that the decision was controversial but said they believed it was the right thing to do as the company was uncertain about the severity of the cyberattack on the firm’s systems.
The world’s largest meat supplier JBS was also targeted for a separate ransomware attack this week. The attack disrupted meat production in North America and Australia. The FBI has since tied the attack to a Russia-linked hacking group REvil, which is also known as Sodinokibi.
“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI said in a statement. “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”
Janita Kan is a reporter based in New York covering the Justice Department, courts, and First Amendment.