US Needs ‘Real Time Reaction Team’ to Combat Rise in Ransomware Attacks: Sen. Warner

May 12, 2021 Updated: May 12, 2021

The United States needs to step up its preparation for future ransomware attacks, Senate Intelligence Chairman Mark Warner (D-Va.) said Wednesday.

“We have no actual system in place, to make whether it’s Colonial Pipeline or SolarWinds or any other company, actually mandatorily report that information to the government in real time, so that we could have a full-fledged response,” Warner said on CNBC’s “Squawk Box.”

“We need to put in place an entity that will include the government, the FBI, CISA, but also some of our some of the web services, Amazon, Microsoft, some of the security firms out there—we need a real time reaction team, and unfortunately, we don’t have that right now.”

A cybercriminal group called DarkSide hacked into Colonial’s network last week, according to the FBI, gaining access to information and prompting the company to shut down certain systems, leading to the stoppage of a major pipeline that spans from Texas to New Jersey.

The result has been rising gas prices and shortages in the south and on the East Coast.

DarkSide carried out a ransomware attack, which involves using malicious software to block access to information until a company or individual pays for its release.

According to federal authorities, ransomware attacks are becoming more sophisticated. Victims are seeing more losses, the FBI has said, citing complaints received by the bureau’s Internet Crime Complaint Center and case information.

The bureau and the Cybersecurity and Infrastructure Security Agency (CISA) said in a bulletin on Tuesday that critical infrastructure owners and operators should “operators to adopt a heightened state of awareness and implement the recommendations,” such as requiring multi-factor authentication for remote access to networks, from the agencies.

Epoch Times Photo
Holding tanks are seen in an aerial photograph at Colonial Pipeline’s Dorsey Junction Station in Woodbine, Md., on May 10, 2021. (Drone Base/Reuters)

The Colonial attack highlights how ransomware is “turning into a very lucrative industry” that is supported by cryptocurrencies, which enable attackers to receive payment while staying anonymous, Robert Dauffenbach, senior associate dean of economic development and impact at the University of Oklahoma’s Price College of Business, told The Epoch Times. Attackers received an estimated $350 million in payments in 2020 alone.

Government intervention may be needed to deal with the issue, since many attackers reside outside the United States, he added.

Attackers are more powerful than ever thanks to research and development budget access and increasing amounts of money due to bitcoin’s rise in value, according to Jeremiah Grossman, CEO of Bit Discovery and founder of WhiteHat Security.

“For the forseeable future, we’ll be fighting against some of the most powerful cyber-criminal tooling we’ve ever seen,” he said in a tweet.

Warner is concerned about what would happen if the attacks become broader.

“My concern is this: we see the effect of this ransomware attack against one pipeline company. We saw end of last year, the SolarWinds attack which was generated by Russia, that hit 18,000 companies, luckily, that was only a espionage where they were trying to exfiltrate information,” he said.

“Let’s imagine what would happen if … suddenly you had somebody shutting down 18,000 companies across our economy. We would come to a grinding halt,” he added.

CISA is working on raising the “cyber hygiene” of private industry, as more ransomware attacks are brought against small- to medium-sized businesses, Homeland Security Secretary Alejandro Mayorkas told reporters in Washington on Tuesday. CISA is inside the Department of Homeland Security.

“This threat is not imminent; it is upon us,” he said.

“We are bringing our all-of-government effort, at the president’s direction, to not only address the situation that is upon us today that is galvanizing our attention, of course, but to really focus on critical infrastructure and what we can do to strengthen that critical infrastructure across our government and to make it more resilient to these types of attacks and to raise awareness so that everyone understands the need to prevent and be in a position to respond to these attacks.”

Follow Zachary on Twitter: @zackstieber
Follow Zachary on Parler: @zackstieber