The U.S. to Treat Ransomware Attacks as Terrorism, but What Does That Mean?

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

The U.S. Department of Justice has announced that all ransomware incidents will now be treated as terrorism, being assigned with the ultimate level of investigatory effort in an attempt to curb the problem and reduce the number and severity of the attacks. In practice, this means any ransomware investigation across the U.S. will be handled and coordinated from a special task force in Washington, which will attempt to make connections and correlations between actors and attacks.

In the case that any hackers are arrested, they will face charges of terrorism - which is a class C felony punishable by up to 10 years of imprisonment, on top of the usual computer fraud act violations and unauthorized access that incur their own punishments. The authorities hope that this alone would be a deterrent for the actors. Still, the truth is, not many of those ransomware hackers are ever identified, let alone arrested and prosecuted.

In a recent interview with a Russian channel, REvil stated that getting classified as terrorists doesn’t mean anything for them, nor will it affect their operations. The notorious group of actors also pointed out that if the U.S. moves forward with this new legislation, it will only restrict victims from paying the ransoms quickly and getting back to business, so it will only make the effects of the ransomware attack worse.

This is, of course, a different view from what the Americans are hoping to achieve with the new approach, and how the landscape will shape depends on the dynamics that’ll come into play. If ransomware payments are treated as terrorist financing, some countries will face international consequences for paying ransom to actors. Also, if American firms don’t pay, hackers will gradually stop hitting them.

Dirk Schrader, Vice President at New Net Technologies tells us:

For now, this is more about collecting and centralizing information. Additional steps should be focused around a requirement to report any case of ransomware to authorities, strongly discouraging the payment of a ransom. Companies might not be willing to report a ransomware incident if that reporting will delay the resolution, will delay the return to normal operation due to investigations being slow, and will be time and resource consuming.

Clearly, this is not a one-side coin, and there are opposing factors that are bound to affect the result. Some believe it’s a solid step in the right direction, and others think it will just make matters worse. For the U.S. law enforcement authorities, it is a response to a situation that has been out of control for way too long now, and responding with something is far better than doing nothing. If the system is evaluated as inadequate or negative, the U.S. state will have a basis to build upon and develop a better approach.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: