After the largest pipeline system in the US, run by Colonial Pipeline, fell victim to a ransomware attack that cost its owners $5 million in ransom, the US Department of Justice has announced that it will now give investigations into ransomware attacks a priority similar to that given to terrorist attacks.
Centrally Coordinated
The Department sent internal guidance on the issue to the offices of all US attorneys across the country on Thursday. As per the guidance, information about investigations into ransomware attacks should be coordinated centrally, and a task force has recently been created in Washington D.C. for this purpose.
John Carlin, Principal Associate Deputy Attorney General at the Department of Justice, explained the move, saying that it is a “specialized process”, which has been put in place to ensure tracking of all ransomware cases, regardless of whether they are referred in the US or not.
The Issue at Colonial Pipeline
In case you’re not aware, last month, Colonial Pipeline, which runs along the East Coast of the United States, came under attack by the ransomware group DarkSide, which caused it to remain shut for several days, disrupting the supply of fuel in multiple regions. This further led to a rise in the price of gas, and forced some factories, etc., to close their doors for lack of fuel.
Finally, Colonial decided to accede to the demands of the hackers, giving them $5 million as ransom.
This incident has been specifically used as an example by the DoJ Guidelines, which call for “necessary connections across national and global cases and investigations”, while speaking about the need to centralize the tracking.
What the Move Means
Meanwhile, US officials also hailed the move, saying it shows how such issues are being prioritized. Legal experts have added that until now, only terrorist attacks and issues of national security were given such priority.
What the move means is that US attorneys who are working on ransomware investigations will have to share active case details and active technical information directly with Washington.
They will also be expected to keep an eye on other cybercrime investigations. The investigations that come under the guidance as needing central notification include those involving cryptocurrency exchanges, illicit online forums/marketplaces, bulletproof hosting services, online money laundering services, counter anti-virus services, and botnets.