At Hearing, Portman Highlights Recent Report That Underscores Threat Ransomware Presents to the United States

WASHINGTON, DC – Today, U.S. Senator Rob Portman (R-OH), the Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, delivered opening remarks at a hearing to examine rising ransomware attacks and the need for comprehensive data to deter these attacks. In his remarks, Portman highlighted a report he released earlier this year entitled America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies. The report documents the experiences of three victims targeted by the REvil ransomware gang and shows how difficult it is for all organizations to account for all vulnerabilities and defend against sophisticated cyber adversaries. It also demonstrates the need for enhanced visibility into cyberattacks against the United States to effectively respond and warn potential victims. The entities profiled in the report are from different business sectors and vary significantly in size, revenue, and IT resources. Despite these differences, all three fell victim to REvil. This underscores the broad threat ransomware presents and the proactive steps all organizations must take to implement cyber best practices. 

In addition, Portman urged the Cybersecurity and Infrastructure Security Agency (CISA) to work with industry experts to swiftly implement a bipartisan law written by Senators Portman and Gary Peters (D-MI), Chairman of the Senate Homeland and Governmental Affairs Committee. Their bipartisan legislation requires critical infrastructure to report cyberattacks and ransomware payments to the federal government so the United States can hold foreign adversaries and criminal hackers accountable.  

A transcript of his opening remarks can be found below and a video can be found here.

“Thank you, Mr. Chairman and I thank the witnesses for being with us today, some in person, some virtually. We’re going to hear from a private-sector panel of cybersecurity professionals and incident responders who are going to provide us with a unique perspective in each case on what can be done to combat ransomware. Obviously, the frequency and severity of these ransomware attacks continues to concern us because it continues to grow. 

“Ransomware groups have professionalized their operations using a business model, often now called Ransomware as a Service, which involves ransomware developers selling or delivering their malware to individuals called affiliates, who actually carry out the attack. It’s a business model. This allows ransomware gangs to conduct more attacks with broader impact. In March of this year, I released a report documenting the experiences of three American companies victimized by the most notorious Russian ransomware gang called REvil. The companies profiled in the report are from different business sectors and vary significantly in size, revenue, and their IT resources. This was done on purpose to try to show that this is affecting companies of every size and sophistication. Despite these differences, all these companies fell victim to REvil. 

“This underscores the broad threat ransomware presents and the proactive steps all organizations must take to implement cyber security best practices. REvil was largely believed to be offline following the arrests of several key members last fall, but public reports indicate the gang may be resuming operations. We know it is common for ransomware criminals to claim retirement, only to rebrand and re-emerge under a new name. 

“About a year ago, this Committee held a hearing on the Colonial Pipeline ransomware attack. That incident was a painful reminder to many Americans that the attacks have real-world consequences impacting everybody. Recognition of this challenge is one of the reasons Chairman Peters and I drafted cyber incident reporting legislation, which I’m proud to say became law a couple of months ago. This law will enhance our nation’s visibility into cyberattacks against the United States and will enable a more effective response, including warning potential victims. It’s really important that CISA works with industry experts and stakeholders to implement this law immediately. 

“We know ransomware attacks will continue to be a national security threat for the foreseeable future. As the Committee of jurisdiction over cybersecurity, we will continue to work to identify solutions that address these threats associated with ransomware attacks and the ways we can fortify our defenses. Today, we’re going to have testimony from some real experts to ensure that we are making steps in the right direction, and I look forward to that testimony. Thank you, Mr. Chairman.”