- The Department of Justice said that it will handle ransomware attacks in the same way that it handles terrorism cases.
- Recent attacks on the Colonial Pipeline and JBS, the world’s largest meat processing company, heightened the risk of ransomware.
- The FBI said the security threat posed by cybercrime is similar to 9/11.
It’s war against ransomware.
The Department of Justice said it now prioritizes ransomware attacks the same way it handles terrorism cases, as a growing number of hacks have caused the White House to warn businesses to be on hot alert against cyber crimes, according to a report.
Reuters reported that recent attacks — specifically the Colonial Pipeline hacking, which wreaked havoc on the US just weeks ago — made the Justice Department to elevate investigations of ransomware attacks.
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principle associate deputy attorney general at the Justice Department, said of the guidance.
The Colonial Pipeline hacking happened in May when Russian hackers locked the pipeline’s system and demanded ransom.
The company paid the hackers nearly $5 million in ransom in order to regain control, but it caused pain to consumers in the US, including increased gas prices, fuel shortages, and panic buying.
CNN reported that US investigators have recovered “millions of dollars in cryptocurrency” paid to the hackers of the Colonial Pipeline attack. The recovery, which the Justice Department announced on Monday, has been deemed a rare coup considering how rampant ransomware attacks have become. The Justice Department said it had seized 63.7 Bitcoins, or $2.3 million.
Reuters obtained a memo that highlighted the new alert:
The DOJ guidance specifically refers to Colonial as an example of the “growing threat that ransomware and digital extortion pose to the nation.”
“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” said the guidance seen by Reuters and previously unreported.
What is ransomware?
McAfee calls ransomware a “malware that employs encryption to hold a victim’s information at ransom.” In these cases, critical data of an organization is encrypted, making it impossible for a company to access everything, like files, databases, or applications.
In order to receive access again, hackers will demand ransom. In the hacking of the Colonial Pipeline, the company paid hackers roughly 75 Bitcoin — close to $5 million, according to The New York Times.
The FBI compares ransomware threat to 9/11
In an interview with the Wall Street Journal published Thursday, FBI director Christopher Wray said that the FBI is investigating around 100 different types of ransomware, and that the cyberattacks pose a similar threat to that of the September 11 terrorist attacks.
“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray said. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
Wray noted that the recent attacks can affect just about anyone.
“Now realizing it can affect them when they’re buying gas at the pump or buying a hamburger — I think there’s a growing awareness now of just how much we’re all in this fight together,” he said.
Wray is referring to the Colonial Pipeline attack and most recently the attack on Brazil-based meat processor JBS, the world’s largest meat processing company, which was forced to halt production in plants in North America and Australia.
The White House has dubbed the hack as “ransomware,” but it remains unclear if JBS paid ransom, according to reports.
JBS resumed production earlier this week. The FBI said in a statement that the attack was led by REvil, a Russian-speaking hacker group.
Wray singled out Russia to blame for the attacks. He said that a “huge portion” of the attacks have been traced back to actors in Russia, and that the Russian government could do more to prevent such attacks.
“If the Russian government wants to show that it’s serious about this issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” he said.
How to protect yourself from ransomware
Basic laws of the Internet apply to safeguard yourself from a potential ransomware attack. Kaspersky, a global cybersecurity company, warns that having outdated devices, software, or an insufficient cybersecurity plan could make people more prone to attacks.
To ward off ransomware attacks, Kaspersky recommends to never click on unsafe links included in spam messages or sketchy websites, avoid disclosing personal information (whether over phone, text message, or email), and do not open suspicious email attachments.