In-brief: Two U.S. Senators are requesting information about the government’s experience with ransomware – asking whether Uncle Sam has paid ransoms to get data back.
Just a month after an FBI official admitted that his agency sometimes advised companies stricken with ransomware to pay the ransom, a bipartisan group of U.S. Senators is requesting information about federal agencies’ encounters with ransomware, and whether Uncle Sam might have paid ransom as well.
In jointly signed letters, Senators Tom Carper (D-Del) and Ron Johnson (R-Wis) requested information about the Department of Justice and Department of Homeland Security’s dealings with ransomware, which encrypts sensitive data on infected systems and extracts monetary payment from victims to get it back. The story was first reported by The Register.
“Have federal state or local governments sought DOJ or FBI’s help to remove ransomware from their computers,” the Senators asked in a letter addressed to Attorney General Loretta Lynch. “If so, please describe the nature of any assistance sought, whether agencies have paid ransoms to remove ransomware, and whether DOJ or the FBI was able to decrypt the computer systems.”
A similar letter, addressed to Department of Homeland Security Secretary Jeh Johnson asked how many instances of ransomware DHS had been made aware of on federal agencies’ computers in the last 12 months. “In which agencies and on what systems was the ransomware located and what was the result? Is DHS aware of instances in which federal agencies have paid ransoms to remove ransomware?”
The letters follow public comments by the head of the Boston FBI at an event in October that warned companies that the nation’s top law enforcement agency may not be able to get their data back following a ransomware infection. In the absence of other alternatives, such as resorting to a data backup to recover, affected organizations are often advised to pay the ransom to get their data back.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “We often advise people just to pay the ransom.”
Recent years have brought a sharp increase in the use of ransomware and an increase in complaints to law enforcement. In June, the FBI issued a report that identified CryptoWall as the most common form of ransomware affecting individuals and businesses in the US. The Bureau said it had received 992 complaints related to CryptoWall between April 2014 and June 2015 with losses totaling $18 million. That message advised victims of ransomware to contact their local FBI field office.
There is evidence that government agencies in the U.S. and abroad have been targeted in the scams. In November, for example, a member of the UK parliament had her computer infected with ransomware, which spread and infected other Parliamentary computers, according to reports.
A recent poll by the technology news site Slashdot asked about readers’ experience with ransomware. More than 16,800 readers responded with the vast majority – 71 percent – saying they had never encountered ransomware. Nine percent of those who responded (1565 votes) said they had a system compromised but were able to recover from the infection. Six percent (1030 votes) claimed to have been infected, but refused to pay. Just 139 of those polled admitted to paying the ransom.
In addition to information about ransomware infections, the two Senators requested information on how Homeland Security and the Department of Justice coordinate with each other and other federal agencies (such as the FTC) to combat ransomware and educate the public about the threat.