The Department of Justice is planning to coordinate its ransomware attack investigations with similar protocols it uses for terrorism cases, according to internal guidance sent to U.S. attorney’s offices reviewed by Reuters.
Why it matters: The new guidance comes in the wake of at least two significant ransomware attacks against major U.S. businesses in roughly a month and as the Biden administration attempts to devise ways to thwart future attacks.
Context: In May, a criminal group breached the Colonial Pipeline, the largest refined products pipeline network in the country.
- The attack forced the pipeline to shutdown, halting fuel deliveries along the East Coast for days. The company paid the hacker group $4.4 million to regain access to its computers.
- A Russia-linked ransomware group forced all of JBS SA's beef plants in the U.S. to temporarily shut down this week, exposing the vulnerability of the world's largest meat processor.
What they're saying: According to the guidance, all information garnered from field investigations into ransomware attacks must be shared with the department's ransomware task force, which was created in April.
- “To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” the guidance reads, according to Reuters.
- “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, acting deputy attorney general at the Justice Department, per Reuters.
- “We’ve used this model around terrorism before but never with ransomware,” Carlin added.
- The Justice Department's decision to use these protocols for ransomware attack investigations "illustrates how the issue is being prioritized," Reuters reported, citing U.S. officials.
Worth noting: "The tracking effort is expansive, covering not only the DOJ's pursuit of ransomware criminals themselves but also the cryptocurrency tools they use to receive payments, automated computer networks that spread ransomware and online marketplaces used to advertise or sell malicious software," CNN reported.
- The Justice Department did not immediately respond to Axios' request for comment.
The big picture: The Biden administration recently urged businesses to take "immediate steps" to increase their ransomware defenses.
- White House deputy national security adviser Anne Neuberger recommended that businesses enable multi-factor authentication for sensitive accounts, use endpoint detection and response tools, and encrypt and regularly back up their data.
- She also called on businesses to separate corporate business functions and manufacturing/production operations to ensure certain networks can be isolated and continue to operate in the event of an attack.
Go deeper: Ransomware business achieves critical mass