Cyber Security

US to treat ransomware like terrorism

Digital global world map and technology research develpoment analysis to ransomware attack

The U.S. Department of Justice (DOJ) is elevating investigations of ransomware attacks to a similar priority as terrorism, a senior official told Reuters. 

According to Reuters, internal guidance sent recently to U.S. attorney’s offices across the country stated information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington. “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principle associate deputy attorney general at the Justice Department.

The DOJ guidance references the Colonial Pipeline ransomware attack as an example of “the growing threat that ransomware and digital extortion pose to the nation.” 

The guidance, seen by Reuters, said, “To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.” 

According to Carlin, this model has been previously used by investigators in U.S. attorney’s offices when handling terrorism, but never before with ransomware. Now, investigators will be expected to share updated case details and active technical information with leaders in Washington, Reuters reports. 

In addition, the guidance asks the offices to look for and include other investigations, such as cases involving: counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services. 

Tyler Shields, CMO at JupiterOne, a Morrisville, N.C.-based provider of cyber asset management and governance solutions, notes, “Viewing ransomware attacks as an act of terrorism in a generic sense is likely incorrect and requires additional nuance. Ransomware isn’t something that can be labeled with a broad stroke like that. If someone attacked a small dental office with ransomware, it’s most certainly not an act of terrorism. However, if they take down critical infrastructure such as an oil pipeline or water system then it is. It’s more about the target of the attack and the meaning and intention than it is about the type of attack. However, if this is what it takes to get strong responses out of the U.S. Government to track down issues then it may still be the best option.”

Though raising the priority of ransomware attacks is a good step, says Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT), a Naples, Fla.-based provider of cybersecurity and compliance software,it cannot remain the only one in order to be effective in reducing the amount of ransomware cases. “For now, it is more about collecting and centralizing information. Additional steps should be focused around a requirement to report any case of ransomware to authorities, strongly discouraging the payment of a ransom. Also, it will be necessary to influence the extended ecosystem around ransomware, the protection against, the risk transfer to insurances, any international legal aspects related to investigation and enforcement. Companies might not be willing to report a ransomware incident if that reporting will delay the resolution, will delay the return to normal operation due to investigations being slow and will be time and resource consuming. That is another aspect that would have to considered in the overall efforts in tackling ransomware. One of the first things a company should do to reduce the likelihood of becoming a ransomware victim, and to limit the impact, is to follow the essential guidelines of CIS (or others), so that its attack surface is as small as possible. Incentivizing this behavior is crucial to root out ransomware.”

Source: https://www.securitymagazine.com/articles/95366-us-to-treat-ransomware-like-terrorism

Click to comment

You May Also Like

Business News

LONDON (AP) — British police confirmed Friday that an ex-soldier who escaped from prison while awaiting trial on terrorism charges was spotted at a busy roundabout...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Business News

BEIRUT (AP) — A Syrian citizen suspected of being behind a deadly bombing that killed and wounded dozens near the capital, Damascus, last month...

Business News

NEW YORK (AP) — Rudy Giuliani glared across a Washington hearing room as a lawyer seeking his disbarment after the Jan. 6 insurrection asked: How did...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version