Senate report government unprepared stop ransomware

Leading article…

Ransomware goes all the way back to 1989! With the USA CIA who utilize this software every day (along with other state sponsors). It’s literally impossible to combat ransomware unless we live in a perfect world. Ports will always be open, USB ports will always be vulnerable.

Can’t blame the government for a sophisticated software that adapts and inherits social engineering tactics.

Expect this software to live far past our lifetimes.

Ransomware attacks are on the rise but federal agencies do not have enough data and information to deter, mitigate and prevent these attacks, according to a report released Tuesday by Sen. Gary Peters, D-Mich., Chairman of the Senate Homeland Security and Governmental Affairs Committee.

The report, authored by committee staff, further found the government lacks data regarding ransoms paid to criminals—usually through cryptocurrencies—by ransomware attack victims.

“Cryptocurrencies—which allow criminals to quickly extort huge sums of money, can be anonymized, and do not have consistently enforced compliance with regulations, especially for foreign-based attackers—have further enabled cybercriminals to commit disruptive ransomware attacks that threaten our national and economic security,” Peters said in a statement. “My report shows that the federal government lacks the necessary information to deter and prevent these attacks, and to hold foreign adversaries and cybercriminals accountable for perpetrating them.”

The Senate committee report indicates that reported ransomware attacks have increased significantly in recent years. In 2020, ransomware attacks jumped 435%, according to the World Economic Forum, and in 2021, ransomware attacks “impacted at least 2,323 local governments, schools, and healthcare providers in the United States.” Those increases caused a comparative increase in financial losses.

“A three-year comparison of the number of complaints of ransomware submitted to the FBI between 2018 and 2020, demonstrates a 65.7% increase in victim count and a staggering 705% increase in adjusted losses. In 2021, the agency received 3,729 ransomware complaints with adjusted losses of more than $49.2 million,” the report states.

Yet even those tallies “likely drastically underestimate the actual number of attacks and ransom payments,” the report states, with public sector assessments “significantly lower” than private sector estimates.

“The report finds that there is a lack of comprehensive data on the amount of ransomware attacks and use of cryptocurrency as ransom payments in these attacks. While multiple federal agencies are taking steps to address the increasing threat of ransomware attacks, more data is needed to better understand and combat these attacks,” the report states.

The report makes several key recommendations for addressing the data problem, including that the government implement a ransomware attacks and ransom payments reporting mandate immediately. 

Other recommendations include standardizing existing federal data on ransomware incidents and ransom payments for better analysis and instructing Congress to establish additional public-private initiatives to investigate the ransomware economy.


source link: https://news.slashdot.org/story/22/05/26/1449231/senate-report-finds-government-is-unprepared-to-stop-ransomware-attacks

Senate Report Finds Government is Unprepared To Stop Ransomware Attacks


In the past few years, ransomware attacks have crippled schools, hospitals, city governments, and pipelines. Yet, despite the heavy toll such incidents have on both the public and private sectors, government officials have only a limited understanding of ransomware attacks and how cryptocurrencies are being used to collect payment, according to a new report from the Senate Homeland Security and Governmental Affairs Committee. From a report: "Cryptocurrencies -- which allow criminals to quickly extort huge sums of money, can be anonymized, and do not have consistently enforced compliance with regulations, especially for foreign-based attackers -- have further enabled cybercriminals to commit disruptive ransomware attacks that threaten our national and economic security," said Michigan Senator Gary Peters, the committee's chair, in a statement. "My report shows that the federal government lacks the necessary information to deter and prevent these attacks, and to hold foreign adversaries and cybercriminals accountable for perpetrating them."

Part of the issue is in reporting: The federal government doesn't have a standardized place for victims to log ransomware attacks, which typically encrypt data until a ransom is paid in cryptocurrency. Both the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have websites where victims can report incidents, and some people report the attacks directly to their local FBI field offices -- all of which can leave people unsure of where to turn and lead to different agencies having records of different incidents. Financial regulators, including the Treasury Department's Financial Crimes Enforcement Network, also gather some data on ransomware, particularly around payments, but it's also far from comprehensive. A new law passed by Congress in March, as part of a broad government funding bill, will soon require operators of "critical infrastructure" to report to CISA within 72 hours when they've been the victims of a "substantial cyber incident," and within 24 hours of paying a ransom, but the provision hasn't yet gone into effect, pending regulatory decisions by CISA.



Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.

Over the past few years, ransomware attacks have crippled schools, hospitals, municipal governments, and pipelines.

Yet despite the heavy toll these incidents have on the public and private sectors, government officials have only a limited understanding of ransomware attacks and how cryptocurrencies are used to collect payments, according to a new report from the Senate Homeland Security and Governmental Affairs Committee.

“Cryptocurrencies – which allow criminals to extort huge sums of money quickly, can be anonymized and are not routinely compliant with regulations, especially for foreign-based attackers – have further enabled cybercriminals to carry out disruptive ransomware attacks that threaten our national and economic security,” Michigan Senator Gary Peters, chairman of the committee, said in a statement. “My report shows that the federal government does not have the information necessary to deter and prevent these attacks, and to hold foreign adversaries and cybercriminals accountable for perpetrating them.”

Part of the problem is reporting: The federal government doesn’t have a standardized place for victims to log ransomware attacks, which typically encrypt data until a ransom is paid in cryptocurrency. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) both have websites where victims can report incidents, and some people report attacks directly to their local FBI offices, all of which can leave people uncertain where to turn and lead to different agencies having records of different incidents. Financial regulators, including the Treasury Department’s Financial Crimes Enforcement Network, also collect ransomware data, particularly on payments, but it’s also far from comprehensive. A new law passed by Congress in March, as part of a sweeping government funding bill, will soon require operators of “critical infrastructure” to report to CISA within 72 hours when they have been the victims of a “substantial cyber incident,” and within 24 hours of a ransom payment, but the provision has not yet entered into force, pending regulatory decisions from CISA.

Right now, many incidents are likely going unreported: According to the report, the FBI received 3,729 complaints in 2021 with losses of more than $49.2 million, up from previous years, but anti-malware software vendor Emsisoft estimated 24,770 ransomware incidents in the United States in 2019, with total costs just under $10 billion. And a report by blockchain data analytics firm Chainalysis estimated that at least $692 million in cryptocurrency was paid as ransom in 2020 alone.


The lack of data hampers officials’ ability to understand who is being victimized, who is behind ransomware attacks, and what can be done to help victims and stop future attacks, according to the Senate report.

“Aggregated and anonymized data from an increased number of incident reports could help inform policy regarding potential federal assistance to overburdened ransomware victims,” the report said. “The increase in reporting may also shed light on the specific burdens faced by small and medium-sized businesses, such as the inability to access high-cost prevention methods and the dramatic economic consequences of these attacks.”


The report calls on the Biden administration to quickly implement regulations around the new law requiring critical infrastructure reporting. It also suggests that agencies standardize how they track ransomware attacks and ransoms paid. And, according to the report, Congress should take steps to make it easier to share ransomware information between agencies and with private sector companies and academic researchers who are already doing their own research.

“The continued stream of ransom payments has emboldened illicit actors and contributed to a growing threat to businesses, the public, and national security,” the report said. “The lack of comprehensive data on these attacks prevents the US government from building a complete picture of cyber threats.”

The post “A new Senate report reveals that the government is unprepared to stop ransomware attacks” first appeared on Fast Company.