Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Ransomware Victims Don’t Know Who to Call!

November 18, 2021

The Washington Post (sub.req.) reported on November 16 that a congressional review issued yesterday by the House Oversight Committee concluded that companies hit by ransomware hackers are at a disadvantage during every phase of the attack.

The review concentrated on three major attacks against CNA Financial Corporation, Colonial Pipeline and the meat processor JBS Foods, but its conclusions apply to ransomware attacks across critical industry sectors.

The report has two major takeaways:

  1. Victims often didn’t know who in the federal government to call.

Sometimes, the companies simply didn’t have a pre-existing relationship with a federal agency. In other cases they didn’t know where to look among several agencies that relate to their industry sector.

“Colonial was in contact with at least seven federal agencies or offices,” the committee found. “CNA was initially referred to one FBI field office before a different field office was designated as the primary point of contact.”

In the case of JBS, the company emailed the FBI. But it took several hours for a substantive reply as the email was forwarded between case agents at the same field office who were trying to determine the right point of contact.

  2. Hackers put companies under intense pressure to pay ransoms quickly to get their computer systems back online.

For instance, hackers with the REvil gang told JBS their $22.5 million ransom demand would double if it wasn’t paid quickly. They also threatened to post the company’s data publicly if they weren’t paid within three days. Eventually, JBS negotiated paying an $11 million ransom.

Colonial faced a similar threat of a doubled ransom after a set period. Hackers with the DarkSide gang ratcheted up the pressure with a clock ticking down in the corner of the company’s computer screens.

The pressure was often increased by a sense of chaos within companies as executives who were shut out of company email systems scrambled to communicate by personal email and text messages.

The report underscores challenges facing the Biden administration as it works to curtail a wave of ransomware attacks that increasingly threaten national security and the economy.

The administration has pushed back at ransomware hackers with a series of law enforcement actions. That includes indictments and sanctions against key hackers. They’ve also created operations to get back millions of dollars in ransomware payments from the perpetrators of the Colonial Pipeline hack and the Kaseya attack, which affected hundreds of businesses.

The administration has had less success getting companies to use better cybersecurity procedures that would prevent ransomware attackers from breaching their systems.

The Department of Homeland Security mandated upgraded cyber procedures for the pipeline sector in the wake of the Colonial hack and similar regulations are being developed for the air and rail sectors. But it’s not likely that Congress will give the administration authority to mandate such protections more broadly.

The report is timely as it comes just days after a hacker compromised the FBI website, sending phony cyberattack email alerts to thousands of people.

The FBI blamed the hack on a “software misconfiguration.” Personally identifiable information was not exposed and the vulnerability was “quickly remediated,” the bureau said. Nonetheless, if hackers can compromise the FBI website, one wonders how the private sector is supposed to protect itself.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson