The U.S. Department of Justice has elevated investigations into ransomware and given them a similar priority as terrorism, according to a June 3 report from Reuters.

The decision comes after attacks on Colonial Pipeline Co. and JBS S.A. The former caused fuel shortages on the East Coast of the U.S. and the latter resulted in beef shortages in both North America and Australia.

Internal guidance sent to U.S. attorneys’ offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington as part of the push.

“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” John Carlin, principal associate deputy attorney general at the Justice Department, said in a statement.

The attack on Colonial Pipeline is currently believed to have originated from Russia. Proving why ransomware gangs keep targeting various targets, Colonial was reported to have paid a $5 million ransom May 13. Although it’s understandable to a point that companies targeted by ransomware attacks cave and pay the ransom demanded to solve the issue, the fact that they do is also why ransomware gangs are an ongoing threat.

“This is generally a positive development that portends the application of additional levers of national power,” Sounil Yu, chief information security officer at cyber asset management firm JupiterOne Inc., told SiliconANGLE. “If ransomware payments are treated as terrorist financing, then it positions the U.S. to bring forth consequences for countries that harbor or enable ransomware actors. For some countries, such as North Korea, this won’t serve as a major deterrent. However, it could cause other ransomware groups to rethink their targets.”

Dirk Schrader, global vice president, security research at cybersecurity and compliance software provider New Net Technologies Ltd., noted that although raising the priority of ransomware attacks is a “good step,” it cannot remain the only one in order to be effective in reducing the number of ransomware cases.

“For now, it is more about collecting and centralizing information,” he said. “Additional steps should be focused around a requirement to report any case of ransomware to authorities, strongly discouraging the payment of a ransom.”

Schrader added that it will also be necessary to influence the extended ecosystem around ransomware. “Companies might not be willing to report a ransomware incident if that reporting will delay the resolution, will delay the return to normal operation due to investigations being slow and will be time- and resource-consuming,” he said.

Photo: photopin/Flickr