Date: 2021-06-05

WASHINGTON • The US Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official has said.

Internal guidance sent on Thursday to the US attorney's offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.

"It's a specialised process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain," said Mr John Carlin, principal associate deputy attorney-general at the Justice Department (DOJ).

Last month, a cyber criminal group that the US authorities said operates from Russia penetrated the pipeline operator on the US East Coast, locking its systems and demanding a ransom.

The hack caused a shutdown lasting several days, led to a spike in petrol prices, panic buying and localised fuel shortages in the south-east. Colonial Pipeline decided to pay the hackers who invaded their systems nearly US$5 million (S$6.65 million) to regain access, the company said. The DOJ guidance specifically refers to Colonial as an example of the "growing threat that ransomware and digital extortion pose to the nation".

"To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralise our internal tracking," said the guidance.

The process has typically been reserved for a short list of topics, including national security cases, legal experts said. In practice, it means that investigators in United States attorney's offices handling ransomware attacks will be expected to share updated case details and active technical information with leaders in Washington.

The guidance also asks the offices to look at and include other investigations focused on the larger cyber crime ecosystem.

According to the guidance, the list of investigations that now require central notification includes cases involving counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services.

Mr Mark Califano, a former US attorney and cyber crime expert, said the "heightened reporting could allow the DOJ to more effectively deploy resources" and to "identify common exploits" used by cyber criminals.

REUTERS