Lawmakers say US ransomware payments should be disclosed
WASHINGTON (Tribune News Service) — More transparency is needed into what kind of cash payments are made after ransomware attacks, a top Democrat said, following a recent spate of cyberattacks aimed at U.S. companies.
Mark Warner, chairman of the Senate Intelligence Committee, spoke days after a top U.S. meat producer needed to shut down facilities that account for almost a quarter of American beef supplies after a cyber incident.
“Not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments,” Warner said on NBC’s “Meet the Press.”
It’s “worth having” a debate over whether to make paying ransoms illegal for U.S. companies, said Warner, who’s also co-chair and founder of the Senate Cybersecurity Caucus.
Energy Secretary Jennifer Granholm, on NBC’s “Meet the Press,” backed a possible ban on ransomware payments.
“We need to send this strong message that paying a ransomware only exacerbates and accelerates this problem. You are encouraging the bad actors when that happens,” she said.
The cyberattack on JBS USA followed the incident in May where Colonial Pipeline Co. was forced to shut the largest East Coast gasoline pipeline network for days after a cyberattack.
Both incidents have been tied to Russian-based hackers, and the issue will be on the agenda when President Joe Biden meets with Russian President Vladimir Putin on June 16.
Sen. Angus King of Maine, an independent who caucuses with Democrats and is also on the intelligence panel, said private companies should be subject to mandatory reporting of a breach but also receive liability protection, creating “an entirely new relationship between the federal government and private sector.”
“There has to be trust. And there has to be real-time” reporting, King said on CNN’s “State of the Union.” “I mean, the Colonial Pipeline, my understanding is, it wasn’t reported to the government for four or five days. I think they’d already paid the ransom.”
Commerce Secretary Gina Raimondo stopped short of proposing that the U.S. government require businesses to secure their technology in specific ways.
Instead, the Biden administration would urge companies to adopt higher standards and remain “vigilant” on cybersecurity, Raimondo said on ABC’s “This Week.”
FBI Director Christopher Wray has compared ransomware attacks — when the victim is targeted by a type of malware and a ransom is demanded — to the challenges posted by the September 11, 2001, attacks on the U.S. The FBI is investigating about 100 types of ransomware, he said last week.
Granholm said U.S. adversaries may have the capability of shutting down the nation’s power grid.
“Yes, they do. I mean, I think that there are very malign actors who are trying. Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally,” Granholm said on CNN.
Yueqi Yang and Tony Czuczka contributed to this report.
©2021 Bloomberg L.P.
Distributed by Tribune Content Agency, LLC