US issues guidance to investigate ransomware & terrorist attacks alike

The US Department of Justice is elevating the status of ransomware investigations to the level of terrorist attacks. The country has recently faced multiple cyber attacks, such as the Colonial Pipeline hack. Even though the company paid $5 million, it could not recover all lost data. As a result, the country suffered a widespread fuel shortage. The government had to declare a state of emergency in 17 states. Its companies have even faced attacks on their offshore facilities, such as the recent attack on Apple.

As per a Reuters report, internal guidance sent to US attorney’s offices across the country said that ransomware investigations in the field should be centrally coordinated with a new task force in Washington.

“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principal associate deputy attorney general at the Justice Department.

What to expect?

The guidance covers cases involving counter anti-virus services, illegal marketplaces, crypto exchanges, botnets, online money laundering services, and abuse-resistance hosting services.

As a result of the guidance, investigators in the attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington. The investigators shall also look at and include other investigations focused on the larger cybercrime ecosystem.

A change in stance?

Following rampant cyber threats, the United States’ House Committee on Homeland Security has recently passed five bipartisan bills to strengthen defence capabilities against cyber-attacks. The bills include:

1. H.R. 2980, The “Cybersecurity Vulnerability Remediation Act.” – authorizes the Cybersecurity and Infrastructure Security Agency (CISA) to assist critical infrastructure owners and operators with mitigation strategies against the most critical and known vulnerabilities.

2. H.R. 3138, The “State and Local Cybersecurity Improvement Act.” – seeks to authorize a new $500 million grant program to provide state and local, Tribal and Territorial governments with dedicated funding to secure their networks from ransomware and other cyber-attacks.

3. H.R. 3223, The “CISA Cyber Exercise Act.” – establishes a National Cyber Exercise program within CISA to promote more regular testing and systematic assessments of preparedness and resilience to cyber-attacks against critical infrastructure.

4. H.R. 3243, The “Pipeline Security Act.” – seeks to enhance the ability of the Transportation Security Administration (TSA), a principal Federal agency responsible for pipeline security, to guard pipeline systems against cyberattacks, terrorist attacks, and other threats. This measure codifies TSA’s Pipeline security section and clarifies TSA’s statutory mandate to protect pipeline infrastructure.

5. H.R. 3264, The “Domains Critical to Homeland Security Act.” – authorizes the Department of Homeland Security (DHS) to conduct research and development into supply chain risks for critical domains of the US economy and transmit results to Congress.

Cyber Terrorism & Critical Infrastructure Protection in India

As per a report by Check Point Research, India is the most ransomware-affected nation in 2021. Organisations on average face 213 attacks every week, against 51 in the Asia Pacific region, 29 in North America, and 14 in Europe and Latin America. Africa faces only 4 attacks per week. In 2020, 74% of Indian companies were hit by ransomware attacks, and lost a massive $17.27 billion.

Section 66F of the Information Technology Act defines cyber terrorism and provides for a punishment that extends to imprisonment for life. The law focuses on the ‘intent’ of any cyber attack, rather than its type.

Further, Section 70 of the Information Technology Act, 2000, seeks to protect Critical Information Infrastructure. It describes critical information infrastructure as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.” Any person who fiddles with such a protected system can be punished with imprisonment up to 10 years, and also a fine.

There are two national-level nodal agencies: the National Critical Information and the Computer Emergency Response Team - India (CERT-In).



Rohit Ranjan Praveer

Rohit is a practicing advocate at Delhi. Beginning as a tech enthusiast, Rohit always had a keen interest in computer forensics and information security. Building upon these fundamentals, he has undertaken extensive research on various techno-legal topics and continues his pursuit to pass on valuable information to the masses, with a zeal to build something that outlasts him.
