Sen. Elizabeth Warren, D-Mass., and Rep. Deborah Ross, D-N.C., introduced a bill last week that would require ransomware attack victims who paid a ransom demand to disclose to the federal government the amount paid to the threat actor.
The bill, entitled the Ransom Disclosure Act, is designed to gather information on ransomware attacks which she believes will help the Department of Homeland Security formulate a better response to the ransomware threat facing the country.
"Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals," Warren said in a statement. "My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises -- and help us go after them."
Rep. Deborah Ross, D-N.C., and Sen. Elizabeth Warren, D-Mass.
If passed, the bill would require:
Warren cited FBI statistics for 2020 that said the agency received nearly 2,500 ransomware complaints that year, up 20% from 2019, and identified losses of over $29 million.
Such payments have continued in 2021, with threat actors forcing several major corporations to pay a ransom.
One of the more prominent attacks took place this summer when the DarkSide cyber gang gained access to Colonial Pipeline's network through an old VPN and deployed ransomware.
The attack forced the company to shut down its fuel pipelines and pay a $4 million ransom, and the data of 5,800 current and former employees was compromised. The FBI was able to recover $2.3 million by tracking the bitcoin payment to a wallet it controlled.
Trustwave researchers stated in a blog post that there were 304 million attacks worldwide in 2020 alone, a 64% increase from 2019.
The FBI’s official stance is it does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee that an organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity, the FBI said.
Anne Neuberger, deputy national security adviser for cyber and emerging technology, noted during a conference earlier this year that the federal government does not ban victims from paying ransoms.
Trustwave has a variety of resources available to help in the event of an attack, along with several general proactive recommendations to help stave off an attack.
Trustwave's Digital Forensics & Incident Response team can help identify the breach, measure its impact, secure evidence, act as your advisor in handling the press, employees, and law enforcement agencies, and provide litigation support.
To secure a network from ransomware, Trustwave recommends:
Organizations also cannot forget the human factor when it comes to defending against ransomware.
Ransomware often requires human action to be successful, which makes people the critical part of a ransomware attack. Many ransomware attacks start with phishing emails combined with exploit kits. So, it is critical for organizations of all sizes to educate their employees on cybersecurity hygiene, particularly how to recognize and avoid suspicious links and attachments. Doing so has been shown to help reduce the number of successful attacks.
One way to bolster an employee's ability to detect and avoid ransomware, according to Trustwave's security researchers, is an ongoing security awareness training program that instructs staff on what to avoid, such as clicking on unknown or suspicious links that appear in emails or attachments, and to report any potential attacks to the information security team for support.
Trustwave is supporting the 2021 Cybersecurity Awareness Month, which is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) in partnership with the National Cybersecurity Alliance (NCSA), with a series of blog posts and webinars.