Why the government is unprepared to stop ransomware attacks

But despite the heavy toll such incidents have on both the public and private sectors, government officials have only a limited understanding of ransomware attacks and how cryptocurrencies are used to collect payments. according to a new report of the Senate Homeland Security and Government Affairs Committee.

“Cryptocurrencies — which allow criminals to quickly extort huge sums of money, be anonymized, and have not consistently enforced regulatory compliance, especially for attackers abroad — have further enabled cybercriminals to launch disruptive ransomware attacks that threaten our national security system. and economic threat. security,” Michigan Senator Gary Peters, committee chairman, said in a statement. “My report shows that the federal government lacks the information necessary to deter and prevent these attacks, and to hold foreign adversaries and cybercriminals accountable for committing them.”

Part of the problem is in the reporting: the federal government doesn’t have a standardized place for victims to log ransomware attacks, which typically encrypt data until a ransom is paid in cryptocurrency. Both the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have websites where victims can report incidents, and some people report the attacks directly to their local FBI field offices — leaving people unsure where to turn. and cause different agencies to have records of different incidents. Financial regulators, including the Treasury Department’s Financial Crimes Enforcement Network, are also collecting some data on ransomware, particularly around payments, but it’s also far from exhaustive. a new law approved by Congress in March, as part of a broad government funding bill, will soon require operators of “critical infrastructure” to report to CISA within 72 hours of being the victim of a “substantial cyber incident”, and within 24 hours of paying ransom, but the provision has not yet entered into force, pending regulatory decisions from CISA

Right now, many incidents are likely to go unreported: According to the report, the FBI received 3,729 complaints with losses of more than $49.2 million in 2021, an increase from previous years, but antimalware software vendor Emsisoft estimated 24,770 ransomware incidents. the US back in 2019, with total costs of just under $10 billion. And a report from blockchain data analytics firm Chainalysis estimated at least $692 million worth of cryptocurrency in 2020 paid as ransom alone.

The lack of data hinders officials’ ability to understand who the victim is, who is behind ransomware attacks and what can be done to help victims and stop future attacks, the Senate report said.

“Aggregated and anonymized data from increased incident reporting could help inform policies regarding potential federal assistance for overburdened ransomware victims,” the report reads. “More reporting could also shed light on the specific burdens that small and medium-sized businesses face, such as the inability to access expensive prevention methods and the drastic economic consequences of these attacks.”

The report calls on the Biden administration to swiftly implement regulations around the new law requiring critical infrastructure reports. It also suggested that agencies standardize how they track ransomware attacks and ransom payments. And according to the report, Congress should take action to facilitate the sharing of ransomware information between agencies and with private sector companies and academic researchers who already conduct their own research.

“The continued flow of ransom payments has encouraged illegal actors and contributed to a growing threat to businesses, the public and national security,” the report reads. “The lack of comprehensive data on these attacks prevents the US government from getting a full picture of cyber threats.”

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

More from author

Related posts


Latest posts

Quality vs. Quantity: The Trade-off in Data Annotation Without the Right Tools

A bug tracking tool or issue tracker, such as BugHerd, is a specialized bug tracking system designed to record and track website or software...

Data Security in the Digital Age: Best Practices for Backing Up Essential Information

In the age where digitalization has permeated everything, the sheer importance of data security cannot be overemphasized. Whether it may be personal pictures and...

10 Tips To Work From Home For Less

Over the past few years, the idea of remote work has seen a significant surge in popularity, providing employees with the valuable advantages of...