The US government is doing a really bad job of tracking ransomware
Data is incomplete and fragmented, Senate says
The US government is doing a really bad job of tracking ransomware, a report from a Senate committee has found.
The Senate Homeland Security and Governmental Affairs Committee has released its findings following 10 months of investigation into ransomware attacks and related cryptocurrency payments.
It said reports of previous attacks are “fragmented and incomplete”, and blame was partially laid on the fact that both the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) both have a “one-stop-shop” website for all things ransomware reporting.
Ransomware results
The FBI’s figures, for example, were described as a “subset of a subset” of actual data, something even the Bureau agrees with, saying its data is “artificially low” due to the fact that it was shared voluntarily.
It took the committee ten months to draft the report, and in the meantime, a lot has changed. The Senate passed the Cyber Incident Reporting Act of 2021 in March, which required firms to report a malware cyberattack to CISA within 72 hours, and a ransomware attack within 24 hours.
Following up on the new regulation, CISA said back then that it would share all of the reports with the FBI immediately. However, the report states that wasn’t exactly the case.
"While the agencies state that they share data with each other, in discussions with committee staff, ransomware incident response firms questioned the effectiveness of such communication channels' impact on assisting victims of an attack," the report said.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
FBI and CISA aside, other organizations within the U.S. government, such as the U.S. Treasury, the Transport Security Administration, and the Security and Exchange Commission, have their own reporting practices. These are only adding more complexity to an already complex problem, as they “do not capture, categorize, or publicly share information uniformly”.
Via: ZDNet
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.