House Republican Teases FTC Ransomware Legislation
House Consumer Protection Subcommittee ranking member Gus Bilirakis, R-Fla., will soon introduce legislation to ensure the FTC is “focused on ransomware” and working with a broad group of law enforcement agencies, House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash., announced at a subcommittee hearing Tuesday. She cited recent ransomware attacks on Colonial (see 2106110031) and others as reasons for Congress to act. Bilirakis isn’t a member of the House Oversight Subcommittee, which held the hearing with testimony from Microsoft and FireEye. Last year, more than 2,400 organizations were victimized by ransomware attacks with a financial impact of about $500 million, said Microsoft Assistant General Counsel Kemba Walden. Subcommittee Chair Diana DeGette, D-Colo., cited a Microsoft report claiming more than 99% of cyberattacks could be prevented with multifactor authentication deployed. She asked if Congress should mandate such requirements through legislation, and Walden agreed. House Commerce Committee Chairman Frank Pallone, D-N.J., cited the Biden administration’s recent efforts to combat ransomware, including a new ransomware website (see 2107150036) and efforts to make it more difficult for hackers to transfer funds using digital currency. Victims pay to accelerate the process of recouping their business operations or because it’s in the best interest of protecting their data and customer data, said FireEye-Mandiant Senior Vice President Charles Carmakal. This is despite the lack of guarantees the compromised data will be deleted, he said: Victims do anticipate that stolen data is eventually published “at a later point in time.”