Top US Lawmaker Presses Big Companies on Ransomware Crypto Payments

Paying international criminals to unlock data “will put an even bigger target on the back of critical infrastructure,” says U.S. Rep. Carolyn Maloney.

Jun 3, 2021 at 9:38 p.m. UTC
Updated Sep 14, 2021 at 1:06 p.m. UTC

U.S. Rep. Carolyn Maloney (D-N.Y.) wants Colonial Pipeline and CNA Financial to disclose the decision-making processes that led them to pay cryptocurrency to recover data from ransomware attackers.

In letters sent to the firms Thursday, Maloney asked for documents outlining how these victims decided to pay the perpetrators, any documents or communications received from the attackers, whether any government agencies provided input and whether the firms checked to ensure they didn’t violate sanctions.

“I am extremely concerned that the decision to pay international criminal actors sets a dangerous precedent that will put an even bigger target on the back of critical infrastructure going forward,” the chair of the House Oversight Committee said in a statement.

In the letters, Maloney asks for “all responsive documents” that detail how the attack was discovered, whether the companies sought external consultation about paying the ransoms and documents detailing the decryption tools provided by the attackers. She set a June 17 deadline, giving the companies two weeks to gather these materials. 

The letters come as another high-profile firm, global meat producer JBS, begins recovering from a ransomware attack that occurred over the weekend.

A spokesperson for the committee did not immediately return a request for further comment about the focus of the investigation.

Growing scrutiny

Thursday’s letters come as scrutiny of ransomware attacks, and of the crypto used to pay these ransoms, ramps up in the U.S. government. Earlier in the day, the Department of Justice sent a memo to U.S. attorney offices and branches in all 50 states, asking them to file an “urgent report” if they hear of a significant ransomware attack.

The DOJ is also coordinating ransomware investigations out of a central task force. John Carlin, acting deputy attorney general, told Reuters the goal is to find connections between different actors in an effort to mitigate the entire chain of attacks.

President Joe Biden has also directed the federal government to evaluate how it responds to ransomware attacks. This review will require the federal government to “expand” its cryptocurrency analysis tools, a White House spokesperson said.

The House Homeland Security Committee held a hearing on ransomware payments in May, and has another scheduled on June 9 to conduct a post-mortem on the Colonial Pipeline attack. Maloney is not a member of this committee, but previously published a joint statement with Rep. Bennie Thompson, the Homeland Security Committee chair, saying they were “disappointed” that Colonial did not provide specific information about paying a ransom.

CORRECTION (June 3, 2021, 21:56 UTC): Corrects that the Homeland Security Committee held a hearing last month, not the Oversight Committee.

Disclosure

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

