Rep. Carolyn Maloney, D-N.Y., chairwoman of the House Committee on Oversight and Reform, sent letters to ransomware victims Colonial Pipeline Company and CNA Financial Corporation to get more information on their respective decisions to pay ransoms, the committee announced today.
The congresswoman is requesting all the documents from each company that regard their respective decisions to pay the ransoms.
“I am extremely concerned that the decision to pay international criminal actors sets a dangerous precedent that will put an even bigger target on the back of critical infrastructure going forward,” Rep. Maloney wrote in her letters. “Congress needs detailed information about ransom payments made to cybercriminal actors to legislate effectively on cybersecurity and ransomware in the United States.”
While Colonial Pipeline is the more recent attack, CNA had the larger ransom. It has been previously reported that CNA paid $40 million to hackers in April after company data was stolen. Colonial Pipeline’s ransom was lower but also substantial. Maloney’s letter to Colonial Pipeline Company CEO references an interview he gave admitting the company paid $4.4 million in ransom the same day the attack was discovered.
In her letters, Maloney specifies she is looking for any writings, recordings, or graphics and to produce any of them they have a legal right to obtain both from current and past company representatives. Maloney’s letters come with a June 17 due date for both companies.
Ransomware is also top of mind for the Biden administration, as the White House recently confirmed that the topic will be on the agenda at President Biden’s summit in Geneva with Russian President Vladimir Putin on June 16.