- Companies have paid at least $90 million in bitcoin ransoms for ransomware this year.
- U.S. Rep. Carolyn Maloney is concerned that paying ransomware demands could fuel more attacks on U.S. infrastructure.
U.S. Rep. Carolyn Maloney (D-N.Y.), chair of the U.S. House Oversight and Reform Committee, has put two companies that recently suffered ransomware attacks in the spotlight.
In letters written today to Colonial Pipeline and CNA Financial, Maloney asked for details about payments made by the two companies to hackers who reportedly took control of the companies’ computer networks in May and March, respectively.
“I am extremely concerned that the decision to pay ransom to international criminals sets a dangerous precedent that will make critical infrastructure a greater target for future attacks,” she wrote in the letter.
It is clear from Maloney’s letter that ransomware attacks, and the “practice” of demanding ransom payments in cryptocurrencies, have become a political issue.
The U.S. Department of Justice announced today that it will treat such attacks with the same priority as terrorism. A spokesman for the Biden administration said yesterday that the government is looking to expand cryptocurrency tracking as a response. Bitcoin and other cryptocurrencies, particularly the privacy coin Monero, are often “favored” by these hackers because they can operate outside the tightly regulated financial sector.
According to a recent report by analyst firm Elliptic, the hacking group DarkSide has garnered more than $90 million in bitcoin ransoms this year. But the hackers aren’t stopping there. Just this week, meat processor JBS was attacked, allegedly by Russian-linked REvil/Sodinokibi, and the hackers threatened to cut off much of the meat supply to the U.S. JBS says it has now taken back control of its facilities, though it’s unclear if the company paid a ransom to resolve the issue.
Last year, as the number of ransomware attacks grew, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) warned that companies paying ransoms to hacking groups could violate U.S. sanctions, which prohibit businesses from doing business with individuals and entities on government blacklists.
DarkSide, the hacking group that previously attacked Colonial Pipeline, is not on that list; however, its affiliated organizations may be. According to New York Times reporter Andrew Kramer, DarkSide utilizes a franchise model that allows hacker entrepreneurs to purchase ransomware for deployment.
Colonial Pipeline was reportedly attacked by ransomware on May 7 local time, forcing it to shut down its critical fuel network supplying the eastern U.S. coastal states, and it eventually paid a ransom of nearly $5 million worth of cryptocurrency to the hackers to restore the system to operation. Following this, DarkSide, the hacking group that carried out the attack, had its cryptocurrency and servers confiscated by authorities and shut down operations.
Paying for ransomware may be permissible, provided the company facilitating such transactions has a strict compliance process in place.
But little is known about the details of the payments made by Colonial Pipeline or CNA Financial. CNA, one of the country’s largest insurers, reportedly paid $40 million to restore access to its network, but its payment has not been confirmed.
“CNA followed all laws, regulations and published guidance in handling this matter, including OFAC’s 2020 Ransomware Guidelines,” CNA spokeswoman Cara McCall told Bloomberg in May of this year.
Meanwhile, Colonial’s CEO Joe Blount said the company paid $4.4 million in bitcoin to get the company’s systems back up and running.
Maloney asked the companies to provide documents outlining how they decided to pay the attackers, any documents or communications received from the attackers, whether any government agencies provided input and whether the companies conducted checks to ensure sanctions were not violated. She asked Colonial and CNA to provide the requested documents by June 17.
“Congress needs detailed information about ransom payments to cybercriminals in order to effectively legislate on cybersecurity and ransomware in the United States,” she said.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/u-s-rep-encryption-ransom-payment-to-ransomware-sets-dangerous-precedent/