The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.

Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information about ransomware investigations in the field should be centrally co-ordinated with a recently created task force in Washington.

“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principal associate deputy attorney general at the Justice Department.

Last month, a cyber criminal group that U.S. authorities said operates from Russia penetrated the pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom. The hack caused a shutdown lasting several days and led to a spike in gas prices, panic buying and localized fuel shortages in the southeast.

Colonial Pipeline decided to pay the hackers who invaded their systems nearly $5 million to regain access, the company said.

The DOJ guidance specifically refers to Colonial as an example of the “growing threat that ransomware and digital extortion pose to the nation.”

“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” said the guidance seen by Reuters and previously unreported.

The Justice Department’s decision to push ransomware into this special process illustrates how the issue is being prioritized, U.S. officials said.

“We’ve used this model around terrorism before but never with ransomware,” said Carlin. The process has typically been reserved for a short list of topics, including national security cases, legal experts said.

In practice, it means that investigators in U.S. attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.

The guidance also asks the offices to look at and include other investigations focused on the larger cybercrime ecosystem.

According to the guidance, the list of investigations that now require central notification includes cases involving counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services.

Bulletproof hosting services refer to opaque internet infrastructure registration services which help cyber criminals to anonymously conduct intrusions.

A botnet is a group of compromised internet-connected devices that can be manipulated to cause digital havoc. Hackers build, buy and rent out botnets in order to conduct cyber crimes ranging from advertising fraud to large cyberattacks.

“We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes,” said Carlin.

Mark Califano, a former U.S. attorney and cybercrime expert, said the “heightened reporting could allow DOJ to more effectively deploy resources” and to “identify common exploits” used by cybercriminals.
