The impact of recent ransomware attacks on vital infrastructure has triggered a response from the US Attorney’s office. In an internal guidance it says that all ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.

According to Reuters, the internal communication states:

“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.”

Terrorism model

This model of investigation and cooperation is used only in a few areas that touch on national security, such as terrorism. According to US officials, this shows how high a priority the ransomware problem has been given. Reuters reports that it means investigators must share updated case details and active technical information with leadership in Washington, and that they will in turn receive guidance from Washington. If implemented well, this should certainly give a better picture of the ransomware landscape.

In his recent Executive Order on improving the nation’s cybersecurity, President Biden already pointed out that the US faces persistent and increasingly sophisticated malicious cyber-campaigns. Section two of the order is titled Removing Barriers to Sharing Threat Information, and this new cooperation seems to fall under that banner.

Ransomware Task Force

In April we reported about international cooperation in this field in the form of the Ransomware Task Force (RTF), a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments. In its report (PDF), the RTF recommends treating ransomware as a threat to national security.

“Ransomware attacks have shut down the operations of critical national resources, including military facilities. In 2019, a ransomware attack shut down the operations of a US Coast Guard facility for 30 hours, and a February 2020 ransomware attack on a natural gas pipeline operator halted operations for two days. Attacks on the energy grid, nuclear power plants, waste treatment facilities, or any number of critical assets could have devastating consequences, including injury and loss of life.”

That was before the attack on Colonial Pipeline, which prompted President Biden to sign an executive order that broadly directs the Department of Commerce to create cybersecurity standards for companies that sell software to the federal government.

Whether the RTF and the proposed task force in Washington will work closely together is unknown, but perhaps unlikely given the international character of the RTF. Sharing information might be beneficial for both, though.

REvil is not impressed

In an interview published by cybersecurity blogger Sergey R3dhunt, a spokesperson for REvil appears to indicate they are not worried by the new “terrorism approach.”

The transcript, translated:

Q: What happened with the cyberattacks?

A: As a result, the US has put us on the agenda for discussion with Putin. The question is why everyone is now in the CIS, and even more so in the Russian Federation. It is related to the recent incident with the fuel [Colonial Pipeline]; the US is working in every possible way, including inside the CIS.

Further inquiries seemed to indicate that it will only make matters worse, because if they are going to be prosecuted anyway, they may as well open the floodgates. When asked why they attacked JBS, this was the answer:

“Revenue. The parent company is located in Brazil, where the attack was directed. Why the US intervened is not clear. She was avoided by all means.”

History tells us that the words of ransomware criminals should be taken with a large grain of salt.

Treated as or investigated as

Even though some gut reactions suggest that ransomware attacks will be treated in the same way as terrorist attacks, that is not entirely accurate, even if the outcome of some ransomware attacks is worse than that of a terrorist attack. This is about the way the US Attorney’s office wants to organize ransomware investigations, similar to other national security matters. It says nothing about the severity of the punishment for those who end up arrested or convicted.

Ransomware infrastructure

Ransomware, especially Ransomware-as-a-Service (RaaS), has a similar organizational structure to some terrorist organizations. You have the enablers, that provide the software and the infrastructure for the ransomware itself and for receiving payments. And you have the executioners that go out and attack victims. These groups do not have to know each other’s true identities and usually communicate through encrypted channels.

A thorough understanding of the ransomware landscape and a successful infiltration of the communication platforms could provide ways to obstruct operations. Perhaps the inherent distrust among criminals can be used to launch successful disinformation campaigns that undermine the cooperation between enablers and executioners. Perhaps the fear of being tracked by a powerful, dedicated task force will keep some potential participants away from the scene.

Tracking payments or making it illegal to pay ransom could make another dent in the severity of the threat. According to the report by the RTF, about 27 percent of victims choose to pay a ransom. With this, these victims are fuelling the ransomware industry. Not that they want to, but sometimes they feel it’s the only viable choice. This feeling is often strengthened by the additional threat to publicly disclose exfiltrated data.

All in all, a centralized US task force investigating ransomware may advance the goals set by the international RTF:

  • Deter ransomware attacks
  • Disrupt the ransomware business model
  • Help organizations prepare
  • Respond to ransomware attacks more effectively

Let’s hope so.