FWIW in June of 2011 the Pentagon issued a report that defined how 'cyber attacks' can be classified as an act of war. Part of the defense department review of threats against the US. However, they have to be plausibly tied to a state actor such as Russia or North Korea (to give two examples) The net result was that the Pentagon considers military response (both kinetic and cyber) as legal and sanctioned ways to respond to cyber attacks.
Generally though, the Justice department defines terrorism to be "the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives"
These ransomware attacks fall in the middle. They are 'deniable' by state actors as just crooks who happen to be within their borders. They certainly don't push any social objective other than to enrich the criminals. So that leaves them under the jurisdiction of law enforcement.
I have read anecdotal evidence that there are the equivalent to "Letters of Marque"[1] for Russian criminals who attack enemies of the Kremlin. They wouldn't completely qualify as the Russians aren't actually in a declared state of war (this works fine for North Korea) but conceptually if you accept that criminals are gonna crim, then pointing them at people you don't like at least keeps the damage outside of your area of concern.
In this particular case, the fairly rapid take down of these guys gives me pause. One wonders if the FBI and Interpol had Colonial pay with Bitcoin that they then traced to the destination wallets. And then working backward from there to the server infrastructure. That would be an interesting capability if it exists.
Generally though, the Justice department defines terrorism to be "the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives"
These ransomware attacks fall in the middle. They are 'deniable' by state actors as just crooks who happen to be within their borders. They certainly don't push any social objective other than to enrich the criminals. So that leaves them under the jurisdiction of law enforcement.
I have read anecdotal evidence that there are the equivalent to "Letters of Marque"[1] for Russian criminals who attack enemies of the Kremlin. They wouldn't completely qualify as the Russians aren't actually in a declared state of war (this works fine for North Korea) but conceptually if you accept that criminals are gonna crim, then pointing them at people you don't like at least keeps the damage outside of your area of concern.
In this particular case, the fairly rapid take down of these guys gives me pause. One wonders if the FBI and Interpol had Colonial pay with Bitcoin that they then traced to the destination wallets. And then working backward from there to the server infrastructure. That would be an interesting capability if it exists.
[1] https://en.wikipedia.org/wiki/Letter_of_marque