The FBI and DOJ Compare Ransomware Attacks to Terrorism, Adopt Coordinated Approach

The Department of Justice (DOJ) elevated the priority of ransomware attacks, comparing them to terrorist attacks, in the wake of the massive cyber attack on Colonial Pipeline.

FBI Director Christopher Wray told the Wall Street Journal that the U.S. government faced a similar situation with ransomware attacks as it did during the 9/11 attacks.

He accused Russia of harboring most threat actors, adding that the FBI had identified more than 100 ransomware variants.

Wray said that government agencies and the private sector shared the responsibility of stopping the attacks.

The Director’s comments coincided with a DOJ memo directing U.S. attorney’s offices to coordinate ransomware investigations with the newly created task force in Washington.

Task force in Washington to coordinate investigations on ransomware attacks

Reuters reported that the DOJ sent internal guidance to U.S. attorney’s offices stating that ransomware investigations in the field should be centrally coordinated with the new ransomware task force in Washington.

This strategy would ensure the department makes the “necessary connections across national and global cases and investigations” and develops a comprehensive picture of the national and economic security threats facing the country.

The task force would dedicate additional resources, improve inter-departmental intelligence sharing, and identify “links between criminal actors and nation-states.”

Consequently, federal investigators probing ransomware attacks will “share both updated case details and active technical information with leaders in Washington,” according to Reuters.

The memo directs U.S. District attorneys to notify the ransomware task force of any major developments in ransomware cases, potential law enforcement emergencies, or ransomware incidents that would potentially “generate national media or Congressional attention.”

The media outlet noted that cases involving illicit online forums, cryptocurrency exchanges, money laundering services, botnets, and “bulletproof hosting services” would require such notifications.

Additionally, U.S. attorney’s offices must file urgent reports after learning of new ransomware attacks.

Open letter to private organizations on ransomware threat

Meanwhile, the U.S. National Security Council chief cybersecurity advisor Anne Neuberger wrote an open letter to private organizations urging them to take the ransomware threat seriously.

Similarly, Deputy Attorney General Lisa Monaco told CNBC that it was important to treat ransomware attacks as the national security threat that they are.

“We know that indeed the most recent attacks against JBS Foods and Colonial Pipeline are linked to criminal actors, criminal groups that are known to law enforcement that have ties to Russia,” Monaco added.

President Joe Biden was expected to discuss cyber attacks with the Russian President during their meeting in Geneva, Switzerland.

Similarly, White House Press Secretary Jen Psaki said that the Biden administration was not ruling out any option in its response to increased ransomware attacks.

Earlier, the administration had imposed sanctions on Russia and expelled diplomats for the Kremlin’s interference in the 2020 elections and the SolarWinds hack, among other issues. These actions followed a report by the intelligence community describing the Kremlin as one of the “most serious intelligence threats to the United States.”

The Biden administration also officially blamed the Russian Foreign Intelligence Service (SVR) for the SolarWinds hack. The agency is linked with various state-sponsored advanced persistent threat (APT) actors such as APT 29, Cozy Bear, and the Dukes.

Former CIA chief Leon Panetta said the hackers responsible for the SolarWinds hacks were terrorists operating from Russia.

“From my point of view, they’re terrorists. When they come at us with ransomware, even though they’re a criminal operation, they’re operating out of Russia, and they are going after some very important infrastructure in this country,” Panetta told MSNBC.