Chairman of the House Oversight and Reform Committee: Bitcoin Ransomware Payments as a dangerous precedent
US Representative Carolyn Maloney (D-NY), chair of the House Oversight and Reform Committee, puts two recent ransomware victims on the hot seat.
Carolyn Maloney – Chair of the House Oversight and Reform Committee
in the Letters Carolyn Maloney mailed Colonial Pipeline and CNA Financial today (June 4th) requesting details of payments the two companies allegedly made to hackers who had taken control of their computer networks in May and March.
Carolyn Maloney said:
“I am deeply concerned that the decision to pay international criminals is setting a dangerous precedent that will place a bigger target behind critical infrastructure in the future.”
NEW: @OversightDems chair @RepMaloney sent letters to Colonial Pipeline Company and CNA Financial Corporation asking for documents regarding their ransom payment decisions following the recent ransomware attacks.
– Oversight Committee (@OversightDems) June 3, 2021
“The chairman of the oversight committee, Carolyn Maloney, has sent letters to Colonial Pipeline Company and CNA Financial Corporation asking for documentation related to their decision to pay ransom after the recent ransomware attacks.”
Maloney’s mission is to ponder how ransomware attacks and the cryptocurrency payments they often make have become a political issue.
The US Department of Justice announced today that it will prioritize ransomware attacks on a par with terrorism. A spokesman for the Biden administration yesterday said on expanding cryptocurrency tracking as a countermeasure against a ransomware attack. Bitcoin and other cryptocurrencies, especially privacy coins like Monero, are mainly used for ransom because they can operate outside of the highly regulated financial sectors.
Hacker groups made more than $ 90 million from Bitcoin this year, according to a report report recently from analytics firm Elliptic. As recently as this week, an attack on meat packaging company JBS, which is attributed to Russia-affiliated REvil / Sodinokibi, threatened to disrupt much of the US meat supply. JBS said They have now regained control of their facilities, although it is unclear whether they will pay a ransom to solve the problem.
Last year, the US Treasury Department’s Office of International Assets Control (OFAC) responded to the rise in ransomware attacks warning Companies that facilitate payments to hacking groups could expose them to US sanctions prohibiting access to government blacklisted individuals and entities.
DarkSide, the group responsible for an attack on the Colonial Pipeline that led to a gas shortage on the east coast, is not on that blacklist. According to New York Times reporter Andrew Kramer, DarkSide uses a franchise model that allows hackers to buy ransomware to launch the attack.
Ransomware payments may otherwise be permitted provided the companies that facilitate such transactions, which are a small industry, have a strict compliance program in place.
But very few details are known about Colonial or CNA Financial payments. CNA Financial, one of the largest U.S. insurers, reportedly paid $ 40 million to restore access to its network, but has not confirmed any payments.
“CNA Financial is following all published laws, regulations and guidelines, including the OFAC 2020 ransomware guidelines, in dealing with this matter,” said Cara McCall, spokeswoman for CNA Financial. speak with Bloomberg in May.
Meanwhile, according to CEO Joe Blount, Colonial had to pay $ 4.4 million in Bitcoin to get it working again.
President Maloney is requesting documents and information related to the exposure of the hack and ransom, including any information related to the review of the sanctions imposed by the companies. She gave Colonial and CNA Financial until June 17 to provide the requested documents.
“Congress needs detailed information on ransom payments to cyber criminals in order to create effective cybersecurity and ransomware laws in the US.”