The threat of “ransomware” roared into public view recently with cyber attacks on hospital systems, but some lawmakers have been trying to get a handle on the issue for the past few months.
Hospitals are a choice target for cybercriminals who use email “phishing” and other methods to insert ransomware into a computer system. The virus holds the system hostage until the victim pays up.
“Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records,” according to a story in Wired.com. “Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.”
But the potential targets include everyone who participates in the digital economy, as well as the federal government.
“While much must be done to bolster the cyber defenses of our federal agencies, a far larger group, including individual consumers, faces a growing threat from a malicious computer virus known as ‘ransomware,'” Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wis., and ranking member Tom Carper, D-Del., said in December letters to Homeland Security Secretary Jeh Johnson and Attorney General Loretta Lynch.
“After infiltrating a person’s computer,” the senators noted, “the virus encrypts a user’s files until a ransom is paid, usually in the form of Bitcoin or other difficult-to-track crypto currency. Infected users face the difficult choice of paying the ransom or losing their files forever.”
So what, the senators wanted to know, is the government doing about it?
The departments answered recently, and the senators released the responses last week.
First, the scorecard: the Department of Homeland Security’s National Cybersecurity and Communications Integration Center has received 337 reports of ransomware incidents since June, according to the department. More than 300 incidents were reported by federal agencies.
Ransomware has cost victims $57 million since 2005, according to the Justice Department.
As for the government’s response, DHS cited extensive collaboration with the FBI and numerous alerts circulated to the public.
DHS highlighted its EINSTEIN 3 cybersecurity system, which provides “perimeter protection” for the federal government. Further, the department is working with the private sector to develop and implement “technology solutions” to “ransomware-type botnets.”
“EINSTEIN capabilities are equally effective at detecting and blocking ransomware attacks as with any other type of known malware,” DHS said.
“These responses from the Departments of Homeland Security and Justice are a first step toward understanding the problem so we can make informed policy decisions about these unique threats,” Carper told InsideCybersecurity.com. “We must continue working with our federal partners to effectively prevent future cyber-attacks and ensure Americans are protected.”
Industry sources expressed skepticism.
“I would expect that ransomware with known malicious signatures would be blocked by EINSTEIN. This is not news,” commented one cybersecurity professional in the private sector.
“EINSTEIN is essentially a massive database of known malicious signatures,” the source added. “The problem with signature-based systems is that they can only detect malicious signatures they know about. If the system does not identify a signature as malicious — if the signatures are new or have not been detected before — then the malware well get through.”
Johnson and Carper are examining what additional policy steps may be needed to successfully combat “emerging dangers” such as ransomware.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” coming this spring from Rowman and Littlefield.
