The U.S. Department of Justice (DOJ) is elevating investigations of ransomware attacks to a similar priority as terrorism, a senior official told Reuters.
Tyler Shields, CMO at JupiterOne, a Morrisville, N.C.-based provider of cyber asset management and governance solutions, notes, "Viewing ransomware attacks as an act of terrorism in a generic sense is likely incorrect and requires additional nuance. Ransomware isn't something that can be labeled with a broad stroke like that. If someone attacked a small dental office with ransomware, it's most certainly not an act of terrorism. However, if they take down critical infrastructure such as an oil pipeline or water system then it is. It's more about the target of the attack and the meaning and intention than it is about the type of attack. However, if this is what it takes to get strong responses out of the U.S. Government to track down issues then it may still be the best option."
Though raising the priority of ransomware attacks is a good step, says Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT), a Naples, Fla.-based provider of cybersecurity and compliance software, it cannot remain the only one if it is to be effective in reducing the number of ransomware cases. "For now, it is more about collecting and centralizing information. Additional steps should be focused around a requirement to report any case of ransomware to authorities, strongly discouraging the payment of a ransom. Also, it will be necessary to influence the extended ecosystem around ransomware, the protection against, the risk transfer to insurances, any international legal aspects related to investigation and enforcement. Companies might not be willing to report a ransomware incident if that reporting will delay the resolution, will delay the return to normal operation due to investigations being slow and will be time and resource consuming. That is another aspect that would have to be considered in the overall efforts in tackling ransomware. One of the first things a company should do to reduce the likelihood of becoming a ransomware victim, and to limit the impact, is to follow the essential guidelines of CIS (or others), so that its attack surface is as small as possible. Incentivizing this behavior is crucial to root out ransomware."