If you are involved in a ransomware attack, you might be convicted under the US Terrorism Act

According to an inside informant at the US Department of Justice (DOJ), the government has decided to investigate attacks similar to the one against Colonial Pipeline comprehensively and in coordination with a central authority. The report, published by Reuters, notes that the US Government has decided to address these threats in the same way that other organized crime groups are investigated, in accordance with the decisions of a Washington-based task force.

As users will recall, a few weeks ago a group of hackers operating from Russia compromised the pipeline’s networks, blocking critical systems and demanding a million-dollar ransom. The incident temporarily interrupted operations and led to increased gasoline prices and shortages.

Colonial Pipeline executives decided to pay the ransom (nearly $5 million USD) to regain access to the compromised systems. The DOJ documents point to this incident as a “clear example that ransomware is one of the greatest threats to national security.”

After this attack, the DOJ began to raise the need to improve its security and monitoring mechanisms, trying to prioritize attention to these security incidents.

John Carlin, DOJ’s attorney general, mentions, “This is an approach employed to address terrorism tactics, although we have never attempted to counter ransomware incidents with this method.” The DOJ mentions that investigators in the U.S. attorney’s offices handling ransomware attacks are expected to share both updated case details and active technical information with leaders in Washington.

This new policy for addressing ransomware attacks also requires offices to perform a comprehensive analysis in conjunction with other organizations, and to cover related areas such as antivirus scanning, dark web hacking forums, cryptocurrency platforms and anonymous hosting services. As you may recall, the term anonymous hosting (also known as bulletproof hosting) refers to the online infrastructure services employed by cybercriminal communities, providing techniques to reinforce privacy and anonymity.

Carlin concludes by mentioning, “We really want to make sure that prosecutors and criminal investigators report and are tracking any possible links to a ransomware attack, including websites for buying and selling cryptocurrencies, hacking forums, and even legitimate-looking platforms, taking the fight against ransomware to the next level.”
