The U.S. Department of Justice plans to take a much harsher tack when pursuing cybercriminals involved in ransomware attacks—and will investigate them using strategies similar to those currently employed against foreign and domestic terrorists.
The new internal guidelines, previously reported by Reuters, were passed down to U.S. attorney’s offices throughout the country on Thursday, outlining a more coordinated approach to investigating attacks. The new guidance includes a stipulation that such investigations be “centrally coordinated” with the newly created task force on ransomware run by the Justice Department in Washington, DC. That task force, formed in April, is currently developing a “strategy that targets the entire criminal ecosystem around ransomware” by prioritizing “prosecutions, disruptions of ongoing attacks and curbs on services that support the attacks, such as online forums that advertise the sale of ransomware or hosting services that facilitate ransomware campaigns,” the Wall Street Journal previously reported.
“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” says the guidance, which runs just over three pages.
In response to a request for comment, the Justice Department provided the memo in full.
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” John Carlin, acting deputy attorney general at the Justice Department, told Reuters. “We’ve used this model around terrorism before but never with ransomware,” he added.
The announcement follows an ongoing and ever-intensifying cybercrime spree—in which larger and larger commercial and governmental entities have been hamstrung by cybercrime groups. The last several weeks have seen large companies—including JBS and Colonial Pipeline—paralyzed by hackers, throwing industrial supply chains that millions of Americans rely on into chaos.
Read the full DOJ memo below:
More: Supreme Court Issues Radical New Reading of Anti-Hacking Law
Clarification: Reuters’ reporting on the contents of the memo builds on earlier reporting by the Wall Street Journal.
DISCUSSION
The problem is that you can’t definitively trace hacks back to an individual. Only to systems involved in the hack. And even then, the accuracy of the systems to which a hack gets tracked is never 100% certain either — you’d have to go over every chip and line of code in every system with a fine-tooth comb to be sure it wasn’t just another link in the chain.
And that assumes you can actually get physical access to the systems in question. Good luck if not.