Senate asks DHS: you don't negotiate with terrorists, but do you pay off ransomware?
Committee asks for full details on government's handling of extortionist malware
The US Senate Committee on Homeland Security and Governmental Affairs wants to know how well secured government PCs are against ransomware, and whether any agencies have paid off hackers to unlock their files.
In a pair of open letters to the Department of Homeland Security (DHS) and Attorney General Loretta Lynch, Senators Tom Carper (D-DE) and Ron Johnson (R-WI) asked the two offices to deliver full reports on how they deal with ransomware.
In addition to statistics on how the DHS is helping individual citizens and businesses prevent and respond to ransomware infections, the committee wants to know how the government itself is dealing with the threat of ransomware infections on its own PCs.
The letter asks for, among other things, a report detailing whether any DHS-owned machines have been infected with ransomware and, if so, whether any agencies have paid off the hackers in order to regain system access.
"Over the past 12 months, how many instances of ransomware has DHS been made aware of in federal agencies' computers? In which agencies and on what systems was the ransomware located and what was the result? Is DHS aware of instances in which federal agencies have paid ransoms to remove ransomware?" the letter asks.
Ransomware, most notably Cryptowall and Cryptolocker, encrypts the contents of the victim's hard drive and then demands a payment, usually via a bitcoin transfer or other hard-to-trace path, before the attackers will decrypt the files.
In addition to questioning whether the agencies themselves have paid off hackers, the committee wants to know how the DHS and the FBI have responded to the ransomware infections. Certainly local police have paid up in the past.
In particular, they ask, how have the agencies been able to identify and take down the command-and-control servers for the malware networks? What sort of measures can be taken by law enforcement to better track and disrupt the criminals who spread the malware infections? ®