WASHINGTON — America’s Data Held Hostage is the name of the just-released report by the U.S. Senate’s Committee on Homeland Security. The report provides a profile of three anonymous companies of varying sizes that were all attacked by the Russia-based ransomware group REvil and the experiences of those companies during the incident response.
“Ransomware is a type of malware that encrypts victims’ computer systems and data, rendering the systems unusable and the data unreadable,” the report states. “Perpetrators then issue a ransom demand—often in cryptocurrency—allowing remote and anonymous payment to attackers. If the victim pays, hackers may provide the victim with a key to decrypt their systems and data.”
“Ransomware is on the rise. While the first recorded instance of ransomware was in 1989, the frequency of these attacks has increased exponentially, at least in part because of the establishment of cryptocurrencies. One cybersecurity firm estimated there were 623.3 million attempted ransomware attacks worldwide in 2021 alone—an average of 20 attempted attacks every second. The United States suffered the most ransomware attempts at 421.5 million, a 98% increase from 2020,” the report continued.
Sen. Rob Portman (R-OH) is a ranking Republican member on the committee.
"It's amazing how many attacks we already have and with regard to the Ukraine situation we expect more because the Russians are so frustrated by what's going on in Ukraine and obviously frustrated by the way the west is helping Ukraine in terms of military assistance so the fear is that they're going to turn some of that anger toward us and do even more attacks."
Highly publicized Ransomware attacks cited were the ones to the Colonial Pipeline, the nation’s largest fuel pipeline that supplies 45% of the fuel to the east coast that was shut down last May. And JBS, the world’s largest supplier of beef shut down meat plants in six states. JBS ended up paying an $11 million ransom according to the report.
Payments are not uncommon with the report stating in the first five months of last year financial institutions reported $590 million in Ransomware payments, which was a 42% increase overall of 2020.
"It's happening every day, there's hardly a business in Ohio that hasn't been attacked in one way or another,” Portman said. “And again when you're talking about ransomware and some of these really serious attacks it has a huge impact on people and their personal data and our lives but also on the economy."
That’s why the Senate just passed legislation that Portman was pushing that would require areas of the nation’s critical infrastructure to report these attempts.
"Let's as an example say you get attacked as a regional bank in Cleveland, you want to be sure and tell the other regional banks what's going on so they can protect themselves better."