Hearing entitled: Held for Ransom: How Ransomware Endangers Our Financial System 

On April 16, 2024, the House Financial Services Subcommittee on National Security, Illicit Finance, and International Financial Institutions held a hearing to discuss the critical issue of ransomware and its implications for the security of our financial system.

Witnesses (testimony linked): 

Jacqueline Burns Koven: Head of Cyber Threat Intelligence, Chainalysis 

Daniel Sergile: Senior Consulting Director, Unit 42 by Palo Alto Networks 

Megan Stifel: Chief Strategy Officer, Institute for Security and Technology 

Kemba Eneas Walden: President, Paladin Global Institute 

Hearing Takeaway: 

While digital assets were not the central theme, they emerged as a key topic due to their role in ransomware economics. The hearing delved into ransomware’s operational intricacies, the alarming rise in payment values despite fewer incidents, and the challenge of ransomware as a service (RaaS) operating beyond U.S. jurisdiction. There was a general acknowledgment that ransomware is a national security issue requiring tight regulation, improved public-private cooperation, and resources to help small businesses strengthen their cyber defenses. The discussion highlighted the effectiveness of blockchain analytics in tracing ransom payments and the potential legislative actions to advance the fight against these cyber threats. 

Member Opening Statements: 

Vice Chair Young Kim (R-CA) opened the hearing on ransomware, emphasizing the critical need for a comprehensive understanding of this growing cyber threat, which has not been fully addressed since the pandemic-related fraud hearings four years ago. She highlighted the vulnerability of all sectors to ransomware, which extorted over $1B in 2023 alone, and underscored that even a single employee error can result in a significant breach. Kim pointed to the real-world impacts of such attacks in her district and beyond, stressing the ongoing threat and the use of AI by cybercriminals to exploit system vulnerabilities. She also touched upon geopolitical dimensions, noting Iran’s role in cyber operations against the U.S. and its allies. Kim called for enhanced congressional awareness and a unified effort to address the ransomware challenge, and welcomed the bipartisan approach to tackling this critical national security issue. 

Ranking Member Joyce Beatty (D-OH) thanked the Chair for the collaborative work on financial issues and for convening the hearing on the escalating threat of ransomware, particularly highlighting its impact on small and medium-sized businesses and on national security. She noted the dramatic rise in ransomware, with the value of ransom payments increasing from $102 million in 2018 to $1.1 billion in 2023. Beatty stressed the need for bipartisan congressional action to enhance business preparedness and consumer protection, and praised the Biden administration and Treasury agencies such as FinCEN and OFAC for their efforts to combat these attacks through legislation and strategic initiatives to trace ransom payments. She emphasized supporting these agencies rather than undermining their efforts and expressed a commitment to working across party lines on this significant national security challenge. 

Witness Statements: 

Jacqueline Burns Koven from Chainalysis emphasized the pivotal role of blockchain analytics in countering ransomware. As Head of Cyber Threat Intelligence, she outlined how on-chain analysis lets policymakers and law enforcement track and disrupt ransomware operations. Koven debunked the myth that cryptocurrency transactions are anonymous, noting that they are public and traceable. She cited significant successes such as the FBI’s Colonial Pipeline case, where Chainalysis data led to a substantial seizure of bitcoin. Despite the increase in ransom demands, she noted a decrease in the number of victims actually paying, suggesting it is becoming harder for attackers to profit. Koven asked Congress to support federal efforts with blockchain intelligence, emphasizing a collaborative, whole-of-government approach to sustain pressure on ransomware actors. 

Daniel Sergile from Palo Alto Networks discussed the evolution of ransomware into a significant operational risk across various sectors, emphasizing the increasing sophistication of extortion tactics, including AI-enhanced attacks. He identified vulnerabilities due to insufficient visibility across digital infrastructures and outdated IT systems, particularly in financial services. Sergile recommended strengthening cybersecurity through actions like enhancing incident response strategies, improving infrastructure visibility, leveraging AI, adopting zero-trust architectures, and prioritizing cloud security. He highlighted the importance of collaboration within cybersecurity forums like JCDC, the Ransomware Task Force, and FS-ISAC to enhance collective defense capabilities. Sergile’s testimony did not specifically mention cryptocurrency. 

Megan Stifel, Chief Strategy Officer at the Institute for Security and Technology, highlighted the critical role of cryptocurrency in ransomware economies. She discussed the Ransomware Task Force’s work, which produced a report with 48 recommendations, 12 of them aimed at financial services, and stressed the need for strict regulation of the cryptocurrency sector to curb ransomware payments through compliance with KYC, AML, and CFT rules. Stifel emphasized that, despite the efforts that followed major ransomware incidents, substantial progress is still needed, especially in the financial sector where cryptocurrency transactions facilitate these crimes. She proposed enhancing sector resilience, ensuring adequate resources for investigating financial abuses, and promoting cybersecurity best practices through collaboration between government and the private sector. Stifel concluded by expressing readiness to continue addressing these urgent cybersecurity challenges. 

Kemba Walden of Paladin Global Institute emphasized the sophistication of ransomware attacks and the need for a multi-faceted approach to deter and disrupt them. Highlighting the Task Force’s work, she spoke about the importance of raising the cost and lowering the profitability of ransomware. Walden identified the moments when ransomware criminals are most vulnerable: the “on and off ramps” of cryptocurrency transactions, where fiat currency and crypto are converted. She stressed the need for quick coordination between financial services and law enforcement to exploit these chokepoints. Concluding with a call to action, she urged full implementation of the policy recommendations, including those that address legislative gaps in combating ransomware and its financial mechanisms. 

Questioning: 

Vice Chair Young Kim opened the questioning by asking Jacqueline Koven what role digital assets play in ransomware attacks and how law enforcement and Congress can work together to combat ransomware. Koven explained that bad actors no longer display their crypto addresses openly, but the address remains their Achilles heel: once it is identified, blockchain analytics can trace everything that flows from it, and “law enforcement is able to understand the entire ransomware supply chain.” 
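To make Koven’s point and Walden’s “off ramp” point concrete, the following is an added illustration, not code or data from the hearing, from Chainalysis, or from any witness. It builds a small constructed ledger (every address, transaction ID, amount and label below is invented), seeds the trace at a known ransom address, propagates taint proportionally (the so-called haircut model, where funds leaving an address carry the same tainted fraction as the address holds) and reports which labelled exchange deposit addresses received ransom proceeds and how many hops away they are. Real tracing works on UTXO-level data and far larger graphs, and exchange labels come from attribution work that this toy simply hard-codes.

```python
"""Toy forward trace of ransom proceeds to labelled exchange deposits.

Constructed example: addresses, amounts and labels are invented.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    src: str
    dst: str
    amount: float  # constructed amounts, in coin units


# Constructed ledger in chronological order. The victim pays the ransom
# address; proceeds are split across two intermediaries; one is mixed with
# clean funds before both reach exchange deposit addresses; an unrelated
# deposit at a third exchange is included as a negative control.
LEDGER = [
    Tx("t1", "victim", "ransom_addr", 10.0),
    Tx("t2", "ransom_addr", "hop_a", 6.0),
    Tx("t3", "ransom_addr", "hop_b", 4.0),
    Tx("t4", "hop_a", "exchange_dep_1", 5.5),
    Tx("t5", "hop_a", "hop_c", 0.5),
    Tx("t6", "clean_src", "hop_b", 4.0),       # clean funds co-mingled
    Tx("t7", "hop_b", "exchange_dep_2", 8.0),  # half tainted, half clean
    Tx("t8", "unrelated", "exchange_dep_3", 2.0),
]

# Hypothetical attribution labels (in practice produced by clustering and
# off-chain intelligence; hard-coded here for the example).
LABELS = {
    "ransom_addr": "ransomware",
    "exchange_dep_1": "exchange:ExA",
    "exchange_dep_2": "exchange:ExB",
    "exchange_dep_3": "exchange:ExC",
}


def trace(seed, ledger):
    """Proportional ('haircut') taint propagation from a seed address.

    Returns (tainted, hops): tainted maps address -> tainted balance still
    held; hops maps address -> minimum number of transactions from the seed
    over which tainted funds travelled. Everything paid into the seed counts
    as ransom proceeds. Sources funded outside the ledger carry no taint.
    """
    balance = defaultdict(float)
    tainted = defaultdict(float)
    hops = {seed: 0}
    for tx in ledger:
        frac = tainted[tx.src] / balance[tx.src] if balance[tx.src] > 0 else 0.0
        moved = tx.amount * frac
        balance[tx.src] -= tx.amount
        tainted[tx.src] -= moved
        balance[tx.dst] += tx.amount
        gained = tx.amount if tx.dst == seed else moved
        tainted[tx.dst] += gained
        if gained > 0 and tx.dst != seed and tx.src in hops:
            hops[tx.dst] = min(hops.get(tx.dst, float("inf")), hops[tx.src] + 1)
    return tainted, hops


def cash_out_points(seed, ledger, labels):
    """Labelled exchange deposits holding tainted funds: the off-ramps where
    a timely request to the exchange can freeze funds or identify the account."""
    tainted, hops = trace(seed, ledger)
    found = {}
    for addr, label in labels.items():
        if label.startswith("exchange:") and tainted.get(addr, 0.0) > 0:
            found[addr] = {
                "label": label,
                "tainted": round(tainted[addr], 8),
                "hops": hops[addr],
            }
    return found


if __name__ == "__main__":
    for addr, info in cash_out_points("ransom_addr", LEDGER, LABELS).items():
        print(f"{addr}: {info['tainted']} tainted, {info['hops']} hops, {info['label']}")
```

The negative control (exchange_dep_3) stays out of the report because its funds never touched the seed, and the co-mingled deposit at exchange_dep_2 is reported with only half of its balance tainted; that proportional figure is what an analyst would hand to the exchange when asking it to act.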

Responding to another Rep. Kim question, Megan Stifel emphasized AI’s role in ransomware evolution, while Daniel Sergile stressed foundational cyber hygiene for companies. 

Ranking Member Joyce Beatty addressed the vulnerability of small to medium-sized businesses to ransomware due to limited cyber defense resources. Stifel advocated for the use of grant programs, and Walden proposed tax incentives to promote cybersecurity practices among these businesses. 

Rep. Andy Barr (R-KY) highlighted the national security risk posed by the cybersecurity workforce shortage and queried the targeting pattern of ransomware attacks in relation to cybersecurity insurance holders. 

Rep. Maxine Waters (D-CA) discussed the potential effects of banning ransomware payments, with Walden cautioning that such a ban could severely impact small to medium-sized businesses and emphasized the need to fortify cyber defenses for critical infrastructure. 

Rep. Barry Loudermilk (R-GA) emphasized the importance of trust and public-private partnerships in the aftermath of incidents like the Colonial Pipeline disruption. 

Rep. Wiley Nickel (D-NC) echoed Koven’s remarks on the traceability of cryptocurrency in ransomware cases, with Koven underscoring the need for rapid law enforcement action before fast-moving bad actors can launder the funds. Koven also said that law enforcement needs more training and resources. 

Nickel also asked why there has been a significant increase in ransomware payments. Walden noted a decrease in the number of ransomware payments but an increase in their average dollar value. 

Rep. Roger Williams (R-TX) asked how ransomware has evolved and what legislative action is needed to keep pace. Sergile described the use of AI in combating threat actors, and Koven noted the increasing sophistication of ransomware, suggesting a need for involvement from multiple agencies. 

Koven also likened the trend to “big game hunting,” with increasingly sophisticated actors pursuing large targets. She flagged that nation-state actors are using ransomware as cover for politically motivated activity such as disruption and espionage, which is why multiple agencies need to be involved. 

Rep. Dean Phillips (D-MN) referred to the significant rise in ransom payments and the need for legal and investigative capacity investment. Stifel discussed the shortage of trained investigators, while Walden highlighted the necessity for enhanced government understanding of investigative tools like blockchain analysis. 

Rep. Zach Nunn (R-IA) asked about the nature of “Ransomware as a Service” and raised his Public and Private Ransomware Response Coordination Act, which aims to improve threat detection, information sharing, response time, and threat suppression. Stifel described RaaS operators using services outside U.S. jurisdiction, while Koven highlighted the impact of public-private partnerships, citing how collaborative work with law enforcement has resulted in freezing North Korean funds and in the Colonial Pipeline recovery. 

Rep. Bill Foster (D-IL) continued to push his Digital ID legislation, saying that implementing Digital ID is the single most useful thing Congress could do. This is the same digital driver’s license idea he pushed at last year’s July HFSC markup. Sergile replied that the proposed Digital ID may not be infallible. 

Rep. Dan Meuser (R-PA) focused on what makes certain companies targets for ransomware, with Stifel emphasizing the need for more support for small businesses. 

Rep. Monica De La Cruz (R-TX) wrapped up the questioning by supporting the idea of tax incentives for small businesses to enhance their cybersecurity measures, drawing from her personal experience as a business owner.