Cybersecurity

Peters launches bipartisan investigation into increasing ransomware attacks

Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) on Tuesday announced the launch of a bipartisan investigation into the recent string of debilitating ransomware attacks against U.S. companies. 

The investigation will examine how cryptocurrencies are used in ransomware attacks to exploit victims. Ransoms are often demanded in the form of cryptocurrency which is harder to trace. 

“The increased use of cryptocurrencies as the preferred method of payment in ransomware attacks shows that cybercriminals believe they can commit attacks without being held accountable,” Peters said in a statement Tuesday. “These attacks can have a devastating effect on Americans’ lives and livelihoods, and we must do everything we can to deter them – including understanding what additional regulations, actions and reforms are needed to adequately tackle complicated cybersecurity threats.”

“My investigation will help us better understand how cryptocurrency can embolden cybercriminals, and identify possible policy changes that would help disrupt the incentive cryptocurrencies provide for criminal organizations and foreign adversaries to target critical public and private sector systems,” he said.

The investigation will look into the current federal regulation around the cryptocurrencies, and ultimately aim to produce recommendations for how lawmakers and federal officials can address and enhance their safe use. 

The investigation comes after a major increase in ransomware attacks against critical organizations worldwide during the COVID-19 pandemic, including against hospitals, schools and government agencies at all levels. 

Some of these attacks have had national security consequences, including ransomware attacks in May on the Colonial Pipeline, which led to fuel shortages in several U.S. states, and on JBS USA, a major meat producer. 

Both Colonial and JBS chose to pay the ransoms demanded by the hackers, with the FBI linking both attacks to Russia-based cyber criminal groups. Colonial paid around $4.4 billion in Bitcoin to decrypt its networks, while JBS paid around $11 million in bitcoin to hackers after it was attacked. 

The Justice Department was able to recover just over half of the funds Colonial paid the cyber criminal group known as “DarkSide” after seizing the money from the group’s bitcoin wallet. 

Peters said Tuesday that the investigation is bipartisan, but he did not name any additional committee members who may be participating. A spokesperson did not immediately respond to The Hill’s request for comment on potential Republican involvement.

Cybersecurity is a key priority for the committee, which recently approved several bills on the issue, including one to strengthen K-12 institutions against cyberattacks. Peters told reporters last week that the committee had additional cybersecurity bills “we’ll be moving in our next markup.”

“It hasn’t been announced yet, but it will be real soon,” Peters said. 

One of these pieces of legislation may be a bill Peters and the committee have been working on in recent weeks to address the increase in ransomware attacks. Peters said last week he hoped to have the bill “ready in the next week or two.”