After attacks on SolarWinds, the Colonial Pipeline and JBS, the U.S. Department of Justice is taking action. A new memo outlines how ransomware attacks will be treated like terror attacks.
Supply chain attacks are not new, they have been around for a long time. These attacks are attractive to threat actors because it can enable them to hit multiple businesses with a single attack on a specific piece of software or software firm. The SolarWinds hack is a prime example. Supply chain attacks affect every industry, but recently they’ve affected more than just cybersecurity teams, they’re affecting the daily lives of everyday people. The Colonial Pipeline attack, the JBS attack. Finally the U.S, government is taking notice. Per Gizmodo, the DOJ on Thursday sent a memo that all ransomware attacks will be treated like terror attacks.
The reason ransomware attacks are specifically targeted is because they are so effective. Ransomware essentially locks users out of systems until a ransom is paid. Many businesses will simply pay the ransom and pray their systems are restored, even if they call the authorities. It’s the fastest way to fix the problem, should the hackers be true to their word. When users are locked out of systems, work cannot be conducted so business is at a standstill, which is why business owners often pay the ransom and then attempt to mitigate any damages.
Law enforcement will always tell you to avoid paying the ransom because there’s no guarantee it will work, but business leaders know that it’s a matter of cost efficiency. You already have this breach, is it cheaper to pay the ransom or is it cheaper to try and decrypt or recover the data yourself? Most of the time, it’s cheaper to pay the ransom. And since it works, criminals and others continue to use that method. Now, though, there are going to be repercussions for those attacks, and they’re not just after the threat actors.
The new guidelines outline a more coordinated approach to investigating attacks, with the stipulation that these investigations be coordinated with a ransomware task force that was formed in April. Run by the Justice Department, the task force is developing a “strategy that targets the entire criminal ecosystem around ransomware.” This includes “prosecutions, disruptions of ongoing attacks and curbs on services that support the attacks, such as online forums that advertise the sale of ransomware or hosting services that facilitate ransomware campaigns.”
The scope of the policy applies to all investigations and cases that involve ransomware and/or digital extortion, as well as third parties that facilitate these attacks. Which means that if an attacker requests a ransomware payment be made in cryptocurrency, or a ransomware payment is sent and then exchanged for cryptocurrency, the exchange service can be charged. There are others impacted by this memo, including counter-antivirus services, botnets, online money laundering services and more.
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” John Carlin, acting deputy attorney general at the Justice Department, told Reuters. “We’ve used this model around terrorism before but never with ransomware,” he added.
This is a huge step in the right direction for a government. There has long been a need for more regulations around cybercrime, a need for more enforceable recourse to deter threat actors from attempting these attacks. Now it seems that the U.S. is paying attention and making a change. It only took hackers disrupting our fuel supply and meat supply, which sent prices soaring and left Americans angry, frustrated and scared.
While it should not have taken such drastic action by hackers to get the attention of governments, at least now there is something in motion. There is recourse for law enforcement when these attacks happen, there is justice for the businesses that are victimized. On top of that, regular, everyday people do not have to worry about how much a product or service is going to cost tomorrow. There is a higher chance for stability, and with stability comes increased consumer confidence, which bolsters the economy.
This memorandum alone may not be enough to stop ransomware attacks, we certainly cannot abandon security practices just yet. It’s also likely the current threat climate will grow before we see this and other efforts start having an impact. But it’s definitely a step in the right direction.