Senators sound alarm on dangers of ransomware attacks after briefing

Senators sound alarm on dangers of ransomware attacks after briefing
© Greg Nash

Senators from both sides of the aisle sounded the alarm Wednesday on the dangers posed to small businesses and government entities by ransomware cyberattacks following a classified briefing from a key Department of Homeland Security (DHS) official.

The Senate Cybersecurity Caucus, led by Sens. Mark WarnerMark Robert WarnerHillicon Valley: Apple, Barr clash over Pensacola shooter's phone | Senate bill would boost Huawei alternatives | DHS orders agencies to fix Microsoft vulnerability | Chrome to phase out tracking cookies Senators offer bill to create alternatives to Huawei in 5G tech Sen. Warner calls on State Department to take measures to protect against cyberattacks MORE (D-Va.) and Cory GardnerCory Scott GardnerGeorge Conway group drops ad seeking to remind GOP senators of their 'sworn oaths' ahead of impeachment trial Mitch McConnell may win the impeachment and lose the Senate Republicans will pay on Election Day for politicizing Trump's impeachment MORE (R-Colo.), hosted the meeting with Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), who briefed members on threats posed by ransomware attacks.

Ransomware attacks have become an increasing threat nationwide over the past year, according to experts. The attacks involve an individual or group gaining access to a system, encrypting it and then demanding money before unlocking it for the owner.

ADVERTISEMENT

City governments including Baltimore and Atlanta have spent millions recovering their systems after ransomware attacks, while nearly two dozen small town governments in Texas were also the victims of a coordinated ransomware attack. States agencies in Louisiana have also been attacked as well as school districts in several states in separate debilitating attacks.

Following the briefing Wednesday, Warner said in a statement that “the continued prevalence of ransomware should really capture our attention.”

“Ransomware and its destructive cousin wiperware are designed to inflict fear and uncertainty, disrupt vital services, and sow distrust in public institutions,” Warner said.

Wiperware is a type of malware that infects a system and wipes the hard drive clean. It's not as big as ransomware, but experts have warned that it remains a threat.

“While often viewed as basic digital extortion, ransomware has had materially adverse impacts on markets, social services like education, water, and power, and on healthcare delivery, as we have seen in a number of states and municipalities across the United States,” Warner added.

ADVERTISEMENT

Gardner told The Hill on Tuesday prior to the briefing that he thought it was “important that the American people understand what’s at risk, so to have something that it is out in the open that we can get out is needed so the American people can be eyes open when it comes to the challenges that our country faces.”

Sen. Maggie HassanMargaret (Maggie) HassanCyberattacks against North Dakota state government skyrocket to 15M per month Hillicon Valley: Biden calls for revoking tech legal shield | DHS chief 'fully expects' Russia to try to interfere in 2020 | Smaller companies testify against Big Tech 'monopoly power' Bipartisan group of senators introduces legislation to boost state cybersecurity leadership MORE (D-N.H.), a member of the Cybersecurity Caucus, said in a statement Wednesday that the briefing was “a helpful conversation to aid us in grappling with the complexities of the threats we face and what we can do to address them.”

Hassan has pushed for action to protect small businesses and government entities from attack, sending a letter to the Government Accountability Office in October asking that it look into how the federal government is currently able to support state and local governments that are hit by ransomware attacks.

The Senate also took action as a whole in September when it passed by unanimous consent a bill sponsored by Hassan and Sen. Rob PortmanRobert (Rob) Jones PortmanHillicon Valley: Biden calls for revoking tech legal shield | DHS chief 'fully expects' Russia to try to interfere in 2020 | Smaller companies testify against Big Tech 'monopoly power' Bipartisan group of senators introduces legislation to boost state cybersecurity leadership Senate approves Trump trade deal with Canada, Mexico MORE (R-Ohio) that would increase the ability of the federal government to assist groups hit by ransomware attacks.

Sen. Gary PetersGary Charles PetersHillicon Valley: Biden calls for revoking tech legal shield | DHS chief 'fully expects' Russia to try to interfere in 2020 | Smaller companies testify against Big Tech 'monopoly power' Bipartisan group of senators introduces legislation to boost state cybersecurity leadership The Hill's Morning Report — President Trump on trial MORE (D-Mich.), another member of the Cybersecurity Caucus and the top Democrat on the chamber's Homeland Security and Governmental Affairs Committee, told reporters that while he was not at the briefing on Wednesday, he would support holding a public hearing on ransomware threats.

“It definitely has to be addressed, and our small businesses in particular are being hit and impacted by this, and a large percentage of those who get hit by it often don’t survive it and end up going out of business, so we’ll definitely be focusing on it next year,” Peters said.

Cybersecurity Caucus member Sen. Angus KingAngus KingCongress struggles on rules for cyber warfare with Iran Democrats brace for round two of impeachment witness fight The Hill's Morning Report - Deescalation: US-Iran conflict eases MORE (I-Maine) told reporters that he thought the Homeland Security and Governmental Affairs Committee would be “a good place” for the hearing to be held but emphasized that he did not want to tell committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonHillicon Valley: Barr asks Apple to unlock Pensacola shooter's phone | Tech industry rallies behind Google in Supreme Court fight | Congress struggles to set rules for cyber warfare with Iran | Blog site Boing Boing hacked Congress struggles on rules for cyber warfare with Iran Senators set for briefing on cyber threats from Iran MORE (R-Wis.) “what hearings he should hold.”

“What we learned was (a) it’s a problem, (b) it’s widespread and increasing, and (c) companies and institutions, governments, state governments, local governments, there are things that they can do to protect themselves, but they have to take active measures to do so,” King said of the briefing.