Ahead of Hearing, House Oversight Committee Releases New Staff Memo on Ransom Attacks on U.S. Companies
Today's supplemental memo reveals the findings of the Committee's investigation, including:
1. Small lapses led to major breaches. Ransomware attackers took advantage of relatively minor security lapses, such as a single user account controlled by a weak password, to launch enormously costly attacks. Even large organizations with seemingly robust security systems fell victim to simple initial attacks, highlighting the need to increase security education and take other security measures prior to an attack.
2. Some companies lacked clear initial points of contact with the federal government. Depending on their industry, companies were confronted with a patchwork of federal agencies to engage regarding the attacks they faced. For example, two companies' initial requests for assistance were forwarded to different FBI offices and personnel before reaching the correct team. Companies also received different responses on which agencies could answer questions as to whether the attackers were sanctioned entities. These examples highlight the importance of clearly established federal points of contact.
3. Companies faced pressure to quickly pay the ransom. Given the uncertainty over how quickly systems could be restored using backups and whether any sensitive data was stolen, the companies appeared to have strong incentives to quickly pay the ransom. This pressure was compounded by attackers' assurances that payment of the ransom would resolve the situation and avoid negative publicity for the company. For instance, after the initial hack of JBS, REvil told the company, "We can unblock your data and keep everything secret. All we need is a ransom." Further examination is needed of the factors encouraging ransom payments, including the role of cyber insurance and the costs companies can face even after paying a ransom, especially when the cybercriminals fail to deliver on their promises.
Click here (https://oversight.house.gov/sites/democrats.oversight.house.gov/files/20211116%20Supplemental%20Memo%20on%20CORs%20Investigation%20into%20Ransomware.pdf) to read today's memo.
Click here (https://www.youtube.com/watch?v=7uDtso_jpPo) to watch the Committee hearing.