Senate report criticizes feds’ approach to ransomware investigations
A report that Democrats on the Senate Homeland Security and Governmental Affairs Committee issued on Tuesday asserts that ransomware attacks are surging even as federal efforts to respond to them are not up to the task.
The report, which focuses on the use of cryptocurrency to execute such attacks, concludes that the government is struggling to keep up with the problem in part because data reporting and collection on ransomware attacks and payments is “fragmented and incomplete.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Agency StopRansomware.gov website and the FBI’s IC3.gov website claim to host what the government bills as its “one-stop” location for reporting ransomware attacks. The agencies say they share data, but the report asserts that ransomware incident response firms “questioned the effectiveness of such communication channels’ impact on assisting victims of an attack.”
Ransomware has become a scourge across sectors, with attacks hitting hospitals and school systems; local, state and federal government agencies; and critical infrastructure entities in the water and energy sectors. Ransomware attacks impacted at least 2,323 local governments, schools and health care providers in the United States last year, the report says. But that number vastly underestimates the true sweep of the problem since many victims choose not to disclose ransomware attacks. The report says that, as a result, federal data capturing the problem should be considered “artificially low.”
Even given these limitations, FBI data shows a quickly growing phenomenon: A three-year comparison of ransomware complaints made to the FBI between 2018 and 2020 show a 66% increase in victim count and a 705% increase in adjusted losses, according to the report.
Sen. Gary Peters, a Michigan Democrat and the Homeland Security Committee’s chair, says the federal government lacks sufficient data and information on ransomware attacks and how they leverage cryptocurrency.
Agencies’ efforts to enforce anti-money laundering and banking regulations that cover cryptocurrency exchanges in some foreign jurisdictions limit the U.S. government’s ability to tackle the ransomware threat, the report says.
Recommendations from the report include that the federal government should standardize existing federal data on ransomware incidents and ransom payments to make it easier to analyze the threat comprehensively. The report also suggests that Congress establish additional public-private partnerships to investigate ransomware while pushing everyone to share information about ransomware attacks and payments through crowdsourcing and other initiatives.
Cryptocurrencies have allowed cybercriminals to launch ransomware attacks demanding ransom payments without being traced, Peters said.
“The increased use of cryptocurrencies as the preferred method of payment in ransomware attacks shows that cybercriminals believe they can commit attacks without being held accountable,” Peters said in a statement. “My investigation will help us better understand how cryptocurrency can embolden cybercriminals, and identify possible policy changes that would help disrupt the incentive cryptocurrencies provide for criminal organizations and foreign adversaries to target critical public and private sector systems.”
CISA and the FBI declined to comment on the report.