The US government does a very poor job of tracking ransomware (opens in a new tab), according to a Senate committee report.
The Senate Homeland Security and Governmental Affairs Committee released its findings after a 10-month investigation into ransomware attacks and associated cryptocurrency payments.
He said that reports of past attacks are "fragmented and incomplete," with part of the blame being placed on the fact that the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have a "one-stop only". “. shop” for everything related to ransomware reports.
Ransomware Results
The FBI figures, for example, have been described as a "subset of a subset" of actual data, which even the Bureau agrees, saying its data is "artificially low" because it was shared voluntarily.
The committee took ten months to write the report, and in that time a lot has changed. The Senate passed the Cyber Incident Reporting Act of 2021 in March, which required companies to report a malware cyber attack (opens in a new tab) to CISA within 72 hours and a ransomware attack within 24 hours .
Following the new regulations, CISA said at the time that it would immediately share all reports with the FBI. However, the report says that was not exactly the case.
"While the agencies say they share data with each other, in discussions with committee staff, ransomware incident response companies questioned the effectiveness of the impact of these communication channels on assisting victims of an attack," says the report.
Aside from the FBI and CISA, other organizations within the US government, such as the US Treasury, the Transportation Security Administration, and the Securities and Exchange Commission, have their own reporting practices. These only add more complexity to an already complex problem, as they "do not uniformly capture, categorize, or publicly share information."
Via: ZDNet (Opens in a new tab)