DOJ to give ransomware attack investigations priority similar to terrorism

Companies and individual users all around the world are facing an increasing threat posed by ransomware. Ransomware is software installed on computers that typically encrypts disk contents that can only be recovered if the user pays the group or individual who installed it a ransom to remove it. One of the most recent high-profile ransomware attacks happened against the Colonial Pipeline, significantly disrupting fuel supplies around the United States.

In the wake of that attack, the US Department of Justice has announced that it is elevating investigations of ransomware attacks to a priority similar to that given to terrorism attacks. On Thursday, the US attorney's offices around the country were given internal guidance about ransomware investigations in the field, telling the offices that investigations of this type should be centrally coordinated with a task force in Washington that was recently created.

John Carlin, a principal associate Deputy Attorney General at the Justice Department, says that the DOJ is using a new specialized process to ensure all ransomware cases are tracked regardless of where the cases might be referred within the country. The goal is to allow connections to be made between perpetrators in an attempt to disrupt the entire chain.

In May, a cybercriminal group believed to operate out of Russia penetrated computer systems used by Colonial Pipeline and locked computer systems. The attackers issued a ransom demand, and Colonial Pipeline reportedly paid nearly $5 million to regain access to their systems. The hack led to a shutdown of the pipeline for several days resulting in a spike in fuel prices, localized fuel shortages in the southeast, and gasoline hoarding.

Reports indicate that the DOJ guidance refers explicitly to the Colonial Pipeline hack as an example of the threat of ransomware and other types of digital extortion pose to the US. The guidance provided by the Justice Department says the goal is to ensure the DOJ can make necessary connections across national and global cases and investigations, allowing the development of a comprehensive picture of threats faced by the US.