Held for Ransom: How Ransomware Endangers Our Financial System (EventID=117127)

Streamed live on Apr 16, 2024


On Tuesday, April 16, 2024, at 10:00 a.m. (ET), Subcommittee on National Security, Illicit Finance, and International Financial Institutions Chair Congressman Luetkemeyer and Ranking Member Congresswoman Beatty will host a hearing entitled, “Held for Ransom: How Ransomware Endangers Our Financial System.”

___________________________________

Witnesses for this one-panel hearing will be:

• Ms. Jacqueline Burns Koven: Head of Cyber Threat Intelligence, Chainalysis

• Mr. Daniel Sergile: Senior Consulting Director, Unit 42 by Palo Alto Networks

• Ms. Megan Stifel: Chief Strategy Officer, Institute for Security and Technology


___________________________________

Hearing Goals

The hearing will provide Members of the Financial Services Committee (Committee) with the opportunity to:

• Understand how ransomware attacks occur in real time;
• Analyze how ransomware has changed in a post-COVID-19 world; and
• Develop policy solutions to impede ransomware attacks.

Additionally, this hearing will enable Members to gain insight into the current threat landscape of the ransomware industry and how victim organizations deal with the consequences of a ransomware attack. While attacks may affect industries outside of the Committee’s jurisdiction, financial institutions (FIs) play an integral role in processing ransomware payments and cybersecurity defense.

Background

Ransomware is defined as “malicious software, or malware, that prevents an individual from accessing computer files, systems, or networks and demands a ransom payment for their return.” The software or malware attacks a system by encrypting files in an organization’s system and holding the data captive until the victim organization pays a sum of money. Attackers can infiltrate a victim’s system in several different ways, including phishing, adware, corrupting email addresses, corrupting email attachments, and visiting malware-embedded websites. There are many different types of ransomware, and criminals are creating new methods of attack every day.

One of the most common ways to initiate an attack is through the “ransomware as a service” (RaaS) model. RaaS occurs when “attackers, known as affiliates, ‘rent’ usage of a particular ransomware strain from its creators or administrators, who in exchange get a percentage of the payment from each successful attack that the individual affiliates carry out.” The RaaS model is one that has generated some of the most successful attacks in the ransomware ecosystem, with law enforcement indicating that it expects RaaS attacks to only grow in future years.

RaaS allows a few strong ransomware strains to exist in the ecosystem, but grants countless interested outsiders, known as affiliates, the ability to utilize a strain in a pay-to-play environment. RaaS affiliates pay, in the darknet market ethos, for an available, proven ransomware strain that is tailored to a specific victim targeted by an affiliate.

ALPHV-BlackCat (ALPHV) is arguably one of the most notorious RaaS strains. However, ALPHV “is… selective in the affiliates it allows to use its malware, actively recruiting and interviewing potential candidates for their hacking capabilities.” Because of its success, RaaS is becoming a more prolific and advanced tool for attackers, particularly as more interest, and success, arise in the field.

Ransomware was first reported in 1989 but became notable in 2012, when the Federal Bureau of Investigation (FBI) announced a “New Internet Scam”: ransomware. This novel ‘drive-by malware’ would lock a victim’s computer when a compromised file was downloaded by clicking a link on a fake website. To unlock the compromised computer, a victim was required to pay a “fine” using a prepaid money card service. From 2012 to the present day, ransomware actors have evolved attack methods and payment methods to circumvent law enforcement and expedite ransomware payments.

Ransomware attackers move stolen funds, including cryptocurrency, in several different ways. For cryptocurrency, attackers extract funds from victims in one of two ways: through high-risk exchanges or through custodial crypto mixing services (“mixers”). According to financial forensics firms, a high-risk crypto exchange has little to no legal/regulatory compliance requirements. A crypto mixer “blends the cryptocurrencies of many users together to obfuscate the origins and owners of the funds.” Crypto mixers are unique because cybercriminals can “clean” their stolen funds alongside genuine, non-criminal users of the platform, thus obfuscating...

___________________________________
Hearing page: https://democrats-financialservices.h...
