Lawmakers Call for More Transparency Over Cyber Ransom Payments

Following a recent spate of cyber-attacks aimed at U.S. companies, more transparency is needed into what kind of cash payments are made after ransomware attacks, a top Democrat said.

Source: Bloomberg | Published on June 7, 2021


Mark Warner, chairman of the Senate Intelligence Committee, spoke days after a top U.S. meat producer needed to shut down facilities that account for almost a quarter of American beef supplies after a cyber incident.

“Not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments,” Warner said on NBC’s “Meet the Press.”

It’s “worth having” a debate over whether to make paying ransoms illegal for U.S. companies, said Warner, who’s also co-chair and founder of the Senate Cybersecurity Caucus.

Energy Secretary Jennifer Granholm, on NBC’s “Meet the Press,” backed a possible ban on ransomware payments.

“We need to send this strong message that paying of ransomware only exacerbates and accelerates this problem. You are encouraging the bad actors when that happens,” she said.

The cyber-attack on JBS USA followed the incident in May where Colonial Pipeline Co. was forced to shut the largest East Coast gasoline pipeline network for days after a cyber-attack.

Both incidents have been tied to Russian-based hackers, and the issue will be on the agenda when President Joe Biden meets with Russian President Vladimir Putin on June 16.

Senator Angus King of Maine, an independent who caucuses with Democrats and is also on the intelligence panel, said private companies should be subject to mandatory reporting of a breach but also receive liability protection, creating “an entirely new relationship between the federal government and private sector.”

“There has to be trust. And there has to be real-time” reporting, King said on CNN’s “State of the Union.” “I mean, the Colonial Pipeline, my understanding is, it wasn’t reported to the government for four or five days. I think they’d already paid the ransom.”

Commerce Secretary Gina Raimondo stopped short of proposing that the U.S. government require businesses to secure their technology in specific ways.

Instead, the Biden administration would urge companies to adopt higher standards and remain “vigilant” on cybersecurity, Raimondo said on ABC’s “This Week.”

FBI Director Christopher Wray has compared ransomware attacks -- when the victim is targeted by a type of malware and a ransom is demanded -- to the challenges posed by the September 11, 2001 attacks on the U.S. The FBI is investigating about 100 types of ransomware, he said last week.

Granholm said U.S. adversaries may have the capability of shutting down the nation’s power grid.

“Yes, they do. I mean, I think that there are very malign actors who are trying. Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally,” Granholm said on CNN.