Give the ransomware threat the same priority as terrorism, says US official guidance

US launches a coordinated effort to track down cyber gangs using the same model deployed against terrorist groups

Ransomware gangs should be tracked and disrupted using the same strategies deployed against terrorist groups, US Department of Justice officials have suggested.

In internal guidance sent to US attorney's offices seen by Reuters, John Carlin, principle associate deputy attorney general at the DOJ, says that information gathering measures should be put in place, coordinated centrally through a special government taskforce.

"It's a specialised process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain," Carlin said.

The guidance continues: "We've used this model around terrorism before but never with ransomware."

The proposed measures would require attorney's offices across the country to report incidents, investigations and technical information to a new Washington-based Ransomware and Digital Extortion Task Force, which was launched on Thursday.

"To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralise our internal tracking," it says.

According to Reuters, the guidance covers investigations into the wider ecosystem used by ransomware gangs, including "counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services."

The toughening stance comes in the wake of a steady stream of ransomware attacks on US interests, including fuel transport firm Colonial Pipeline and meatpacker JBS.

In May, in the wake of the Colonial attack, President Biden signed an executive order directing federal agencies to adopt data encryption and multi-factor authentication within six months, and requiring private firms that provide IT services to government to implement higher security standards and notify law-enforcement agencies if their systems are breached.

Shortly after this announcement, the UK Department for Digital, Culture, Media and Sport (DCMS) opened a public consultation on tightening the security of third-party IT services used by government. Among measures being considered are more stringent requirements on managed service providers, including that they meet the NCSC's Cyber Assessment Framework. The consultation will run until 11 July 2021.