April 12, 2016

Kilmer on Ransomware: ‘Hackers are Increasingly Using this Tactic to Hold Data Hostage’

Today, Representative Derek Kilmer (D-WA) warned that ransomware is increasingly being used to attack families, businesses, and local governments. Kilmer urged the Department of Homeland Security to continue developing coordination between agencies investigating ransomware attacks and support to those who have their data stolen. Hackers have taken data from hospitals, city governments, small businesses, and others and asked to be paid before the personal information is returned.   

In his letter Kilmer noted that last year the FBI received 2,453 complaints about ransomware attacks that cost victims more than $24 million. These include incidents like an attack in February on the Hollywood Presbyterian Medical Center that shut down computer systems at their facilities. Kilmer urged federal agencies to work together and make sure that there are guidelines and assistance in place to help anyone in the wake of a ransomware attack. 

“I request your assistance in helping everyday Americans, companies, and government agencies understand the steps they should take to reduce the chances of a ransomware attack,” Kilmer wrote in the letter sent to the Department of Homeland Security today. “I also ask that you offer guidance for individuals and companies on to whom they should turn for assistance either to prevent attacks, report an attack, or mitigate the damage from an attack. Finally, I would like to mention that I support your efforts to work with your FBI colleagues to locate and prosecute cyber criminals employing ransomware and with your international counterparts, such as the Canadian Cyber Incident Response Centre, with whom you recently collaborated to issue a joint alert about ransomware.  I encourage you to strengthen these partnerships to help prevent ransomware attacks and bring the perpetrators of such attacks to justice.”  

The text of the letter follows.

April 12, 2016

The Honorable Dr. Andy Ozment

Assistant Secretary of the Office of Cybersecurity and Communications
Department of Homeland Security

Washington, DC 20528

Dear Assistant Secretary Ozment,

I am writing to express my concern about the increasing threat ransomware poses to everyday Americans, law enforcement, government agencies and infrastructure, and sectors of our economy like healthcare and financial services. Hackers are increasingly using this tactic to hold data hostage.

We have become all too familiar with news stories about the latest ransomware attacks against hospitals, city governments and police departments, schools and small companies, and people across the country. Oftentimes victims feel they have no other choice but to pay hackers with their own money to get their data back.

Just last year, the FBI received 2,453 complaints about ransomware attacks, which cost the victims more than $24 million. These incidents have increased in frequency since 2009, when over a nine-month period the FBI received 1,838 complaints about ransomware. This does not even take into account individuals, firms, and officials who might have simply paid off hackers without reporting the attack. Moreover, a recent report by the Institute for Critical Infrastructure Technology, a cybersecurity-focused think tank, concluded that ransomware will, “wreak havoc on America's critical infrastructure community,” in 2016.

I request your assistance in helping everyday Americans, companies, and government agencies understand the steps they should take to reduce the chances of a ransomware attack.  I also ask that you offer guidance for individuals and companies on to whom they should turn for assistance either to prevent attacks, report an attack, or mitigate the damage from an attack.

            Finally, I would like to mention that I support your efforts to work with your FBI colleagues to locate and prosecute cyber criminals employing ransomware and with your international counterparts, such as the Canadian Cyber Incident Response Centre, with whom you recently collaborated to issue a joint alert about ransomware.  I encourage you to strengthen these partnerships to help prevent ransomware attacks and bring the perpetrators of such attacks to justice.

            Thank you for your commitment to addressing the growing cyber threats we face from ransomware.  Please consider me a partner in addressing this challenge, and do not hesitate to let me know what Congress can do to assist you in these efforts.  I appreciate your attention to this matter.

###