The US government is stepping up action against the current epidemic of ransomware, which this week has seen one of the world’s biggest meat suppliers, JBS, struck by attackers, alongside revelations of attacks on public transport organisations — and doubtless countless others that have not yet been made public.
According to Reuters, the US Department of Justice (DoJ) has shown that it will give ransomware investigations the same or comparable priority as terrorism investigations.
The DoJ is known to have already reached out to US attorneys’ offices to tell them to coordinate with, and pass information on ransomware attacks to, its recently created central Ransomware Task Force (RTF).
Reuters said the guidance — which makes explicit reference to the Colonial Pipeline attack as one of the most significant recent incidents — is designed to reflect the growing threat of ransomware attacks.
It hopes to ensure it can draw connections between attacks both inside the US and globally, and build up a coherent picture of the situation.
The DoJ guidance also goes after the services ransomware operators use to host their infrastructure, the dark web forums and marketplaces where they advertise their products to affiliates and publicise their attacks, and the cryptocurrency exchanges and money laundering services used to make their profits appear legitimate.
At the same time, in a memo issued from the White House to organisations across the US, Anne Neuberger, deputy national security advisor for cyber and emerging technology, urged the private sector to take more responsibility to deflect ransomware attacks.
Neuberger said that while the US government is conducting important work in disrupting ransomware networks, calling out the nation states that harbour ransomware gangs, and developing new policies, businesses should also take steps to protect themselves.
“Much like our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we recommend that you take ransomware crime seriously and ensure your company cyber defences fulfill the threat,” wrote Neuberger.
“The most important takeaway from the current spate of ransomware strikes on US, Irish, German and other organisations around the world is that firms that see ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more quickly.
“To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations,” she said, before going on to summarize the US administration’s recommended best practices for handling ransomware.
James Shank, main architect for community services at threat hunting expert Team Cymru, and a committee member of the RTF, welcomed the increased focus on ransomware. “It is no longer speculation that ransomware can impact our way of life. It can. Colonial Pipeline and JBS USA impacted US citizens’ behaviors and prompted fears of shortages which turned into real shortages. To think of it as terrorism fits the ramifications and impact of real-world ransomware cases now,” he said.
“Seeing this boost in prioritisation and to hear of this coordinated response by the US government is superb! We want coordinated response both with regard to public-private venture but also on the global stage. Ransomware is impacting lives beyond our boundaries and involves actors beyond our boundaries. We cannot deal with this alone and we must collaborate with the entire world community to tackle this global threat,” said Shank.
He added: “I expect this contributes to curbing the ongoing increases in ransomware events and ransomware demands. Right now, too much of the risk is borne by the sufferers, and also the ransomware actors run, more or less, with impunity. It is time to change the equilibrium of that equation.”