It sounds like the United States Department of Justice is suddenly starting to prioritize and analyze ransomware attacks, like never before.
Reuters broke the news when it obtained an Internal DOJ memo sent to DOJ offices across the U.S.
The memo, written by John Carlin, Principle Associate Deputy Attorney General, called for an immediate shift:
"To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.
It's a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain."
According to Reuters, the memo says this kind of process has been used to track terrorism before, but never with ransomware.
This sounds good, but with most ransomware groups currently out of reach from U.S. law enforcement, how significant of a difference can it make?
Perhaps it will inform cyber retaliation efforts going forward? That is one possibility.
Regardless, this cannot be the only thing, says Dirk Schrader, Global Vice President of Security Research at New Net Technologies (NNT):
"Raising the priority of ransomware attacks is certainly a good step, although it cannot remain the only one in order to be effective in reducing the amount of ransomware cases. For now, it is more about collecting and centralizing information.
Additional steps should be focused around a requirement to report any case of ransomware to authorities, strongly discouraging the payment of a ransom. Also, it will be necessary to influence the extended ecosystem around ransomware, the protection against, the risk transfer to insurances, any international legal aspects related to investigation and enforcement."
