US raises the priority of cyberattack investigations to the level of terrorism cases

Investigations into ransomware attacks in the United States have been given the same priority level as terrorism cases, Reuters reports.

According to the report, on May 3, all U.S. attorney’s offices were instructed to share information about attacks involving ransomware with a coordination group recently established in Washington.

US Deputy Attorney General John Carlin told Reuters that this is necessary to track the deployment of ransomware regardless of the region where the incident occurred. Such a practice will allow investigators to “connect the dots” to “break the chain”.

“We have already used this model in relation to terrorism, but never—in relation to ransomware,” Carlin noted.

The Department of Justice also ordered investigators to share information with Washington about other cyber-security investigations, including those related to cryptocurrency exchanges and online money laundering.

“We really want to ensure that investigators and prosecutors monitor the activities of cryptocurrency exchanges, illegal online forums, and marketplaces where people sell hacking tools,” added Carlin.

As an example of the “growing threat posed by ransomware,” the Justice Department cited the incident involving the United States’ largest pipeline company, Colonial Pipeline.

In May, the attack involved ransomware that encrypted about 100 GB of data and locked the computer systems, and according to reports, Colonial Pipeline paid the hackers a ransom in cryptocurrency.

In the same month, the insurance company CNA Financial paid $40 million to restore control over its computer networks after a Phoenix Locker ransomware attack.

On June 3, the chair of the House Oversight Committee, Carolyn Maloney, sent letters to Colonial Pipeline and CNA Financial requesting incident-related documents by June 17.

NEW: @OversightDems Chair @RepMaloney sent letters to Colonial Pipeline Company and CNA Financial Corporation requesting documents regarding their decisions to pay ransoms following recent ransomware attacks.

— Oversight Committee (@OversightDems) June 3, 2021

The committee wants to know how the companies detected the attacks and whether they sought external counsel about paying the ransom. The department also asked for communications and files from the attackers, including decryption tools.

Earlier, the Biden administration said that the fight against ransomware would be its top priority. The White House stressed that a tool is needed to track cryptocurrency transactions.

On 30 May, the world’s largest meat-processing company JBS became the victim of a ransomware attack. Officials said that Russian hackers were likely involved in the incident.

Subscribe to ForkLog news on VK!