In the wake of the attack on San Francisco’s Muni transportation over the Thanksgiving weekend, a legislator from California is asking Congress to hold hearings on the ransomware problem and determine whether there are ways that the government can help address the issue in both government agencies and private businesses.
Rep. Ted Lieu (D-Calif.) sent a letter to the leaders of the House Oversight and Government Reform Committee Wednesday, outlining the dangers of ransomware and asking the committee to convene a public hearing to talk about it. Lieu, a computer scientist who is often outspoken on security and privacy issues, said the attack on the San Francisco Municipal Transportation Authority last week highlighted the significant dangers ransomware poses to not just consumers but enterprises and critical infrastructure.
“Ransomware attacks are used against all types of entities, including school districts, law enforcement agencies, government agencies and small and large businesses. At least 14 hospitals were affected this year alone, including three in the Los Angeles area,” Lieu said in the letter.
“These malware attacks have had tremendous economic costs in recent years, and it would seem only a matter of time before we face life-threatening or national security consequences as well. Whether it is a law enforcement agency losing track of a target or critical infrastructure failing to perform, the hypothetical scenarios should not be disregarded.”
“These malware attacks have had tremendous economic costs in recent years.”
On Nov. 25 ransomware infiltrated the network of SFMTA, the agency that runs the Muni public transportation system in San Francisco among other things. The agency said the malware hit about 900 machines on the network and although the ransomware didn’t make it onto the trains or ticket machines, SFMTA was forced to turn off both the fare gates and ticket machines for the entire weekend while it recovered from the attack.
“The malware used encrypted some systems mainly affecting office computers, as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports – no data was accessed from any of our servers,” SFMTA said in a statement.
In his letter to Rep. Jason Chaffetz (R-Utah) and Rep. Elijah Cummings (D-Md.), Lieu said that the escalating nature of ransomware attacks in the last couple of years is an indication that things are only going to get worse, not better.
“These malware attacks have had tremendous economic costs in recent years, and it would seem only a matter of time before we face life-threatening or national security consequences as well,” Lieu said. “Whether it is a law enforcement agency losing track of a target or critical infrastructure failing to perform, the hypothetical scenarios should not be disregarded.”