Ransomware payments hit record $1.1B: Report

Ransomware payments skyrocketed in 2023, hitting a record-high $1.1 billion extorted from targets of the schemes, according to a Chainalysis report released Wednesday. 

The New York-based firm’s report details ransomware actors going after companies such as British Airways, as well as targeting infrastructure that yielded a surge of ransom payments.

The 2023 figure is a vast increase from the $567 million extorted in 2022, indicating that ransomware is “an escalating problem,” according to the report. 

Cybercriminal groups have targeted schools, hospitals and casinos. The groups have also gone after wealthier companies. They’ve utilized a “big game hunting” strategy, deploying fewer attacks but collecting bigger payouts with each strike, according to Chainalysis.

Caesars Entertainment, the casino company, was hit with a cyberattack last September, days after MGM Resorts International, another casino company, reported having “cybersecurity issues,” causing a shutdown of some of the hotel and casino computer systems. 

MGM Resorts had $100 million in recovery costs from the attack. The Chainalysis report does not detail additional losses that often surpass millions of dollars after a break-in occurs. U.S. fuel operator Colonial Pipeline had to shut down operations for several days in May after a ransomware attack. 

On Thursday, the State Department announced a reward of up to $10 million to those who have information that could help identify or locate leaders connected to Hive, a global ransomware gang, known for extorting more than $100 million in ransom payments. The Department of Justice dismantled the group in January last year.


Russian hackers targeted US intel officers in 'sophisticated spear phishing campaign,' DOJ says

Hackers acting on behalf of the Russian government targeted U.S. intelligence officers in a “sophisticated spear phishing campaign” designed to influence elections in the United Kingdom, the Justice Department (DOJ) alleged Thursday.

The operation successfully hacked into computer networks in the U.S., the U.K., Ukraine and other NATO member countries and “stole information used in foreign malign influence operations designed to influence the U.K.’s 2019 elections,” the DOJ said.

The DOJ unsealed a federal indictment Thursday against two individuals connected to the plot, after a federal grand jury in San Francisco returned an indictment Tuesday.

The two individuals charged are Ruslan Aleksandrovich Peretyatko, an officer in Russia’s Federal Security Service (FSB), the DOJ claimed, and Andrey Stanislavovich Korinets. They are each charged with one count of conspiracy to commit an offense against the United States and one count of conspiracy to commit wire fraud.

Along with other unindicted co-conspirators, the defendants were part of the so-called “Callisto Group,” the DOJ said.

The indictment alleges that the hacking campaign took place between at least October 2016 and October 2022 and targeted current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities.

The spear phishing campaign often was carried out by sending “sophisticated looking emails” that tricked the targets into providing their log-in credentials, thereby allowing the hackers to access the victims’ email accounts whenever they wanted to, the DOJ said.

Some of the emails were sent from “spoofed” accounts designed to look like other personal and work-related emails the victims would receive, the DOJ said. Sometimes, the emails claimed the users had violated terms of service on an account and had to log in via a provided link. When the users thought they were signing into their accounts, they were actually providing the account credentials to hackers, the DOJ said.

U.S. officials pointed to the indictments as evidence that Russia still is trying to target democratic elections, and they pledged to hold Russia accountable.

“Today’s indictment is part of a coordinated international response to send a message to the conspirators that the whole of the United States government stands together and with our partners internationally to identify and disrupt cyber espionage actors, particularly those seeking to obtain government information and attempting to create chaos in democratic processes,” U.S. attorney for the Northern District of California, Ismail Ramsey, said in the press release.

Assistant Attorney General Matthew Olsen claimed that the indictment reveals that the “Russian government continues to target the critical networks of the United States and our partners,” and he pledged to hold them accountable.

“Through this malign influence activity directed at the democratic processes of the United Kingdom, Russia again demonstrates its commitment to using weaponized campaigns of cyber espionage against such networks in unacceptable ways,” Olsen said. “The Department of Justice will respond to such behavior with an even more determined commitment to disrupt those activities and to hold accountable the individuals responsible.”


Keeping children safe in a rapidly changing digital landscape

Twenty years after starting as an intern at an organization to help create a safe media environment for children, Josh Golin is leading the group’s efforts as its executive director.  

The mission of Fairplay for Kids, formerly known as the Campaign for a Commercial-Free Childhood, has stayed the same. But along the way, Golin, who took over as executive director in 2015, has seen its target shift.

“When I started doing this work, we were primarily focused on things like television commercials, and junk food marketing to kids and the childhood obesity epidemic,” he told The Hill in a recent interview.

Those issues are still a concern, but Golin said the rise of social media was a turning point, specifically pointing to the launch of YouTube Kids in 2015.

“That really precipitated a shift where we started looking at the design of platforms. And not just looking at the effects of the actual advertisements and marketing on children, but really looking at the entire ecosystem and how it was built for advertisers at children’s expense as kind of being the core and key issue,” Golin said.

Golin first found his way to the group after working at Miramax in the late 1990s. He said the studio was working on the film “Spy Kids” at the time and made a deal with McDonald’s for promotion.  

“That really led me to start thinking about how commercial forces in children’s lives were this enormous force that didn’t necessarily care about children’s well-being. And I have strong beliefs that the institutions and people that are the primary influences on children’s lives should actually care about their well-being,” Golin said.

He went back to school for a master’s degree in child development, joined the organization as an intern and stayed to continue the work over the next two decades.

Golin said a big milestone moment was in 2019, when the Federal Trade Commission (FTC) settled with Google over illegal data collection on YouTube, triggered by a complaint the Campaign for a Commercial-Free Childhood filed along with the Center for Digital Democracy.  

The settlement required Google and its subsidiary YouTube to pay $170 million to settle allegations of collecting personal information from children without their parents’ consent, in violation of the Children’s Online Privacy Protection Act (COPPA). In response, YouTube also published a blog post about updates to better protect data for children’s content.

“We don’t think that settlement was strong enough. It should have been for more money. There should have been different ways about the way it was implemented. But it was really important. It was the first time a major platform was forced by regulators to change how they were interacting with children,” Golin said.

That outcome led the group to change its focus on advocacy work. Before then, the group was active at the FTC mostly to garner media attention or pressure the companies to change, he said.

“We had zero faith that regulators would actually do something with the evidence that we were bringing to them. And 2019 really was an eye-opener,” he said.  

Recently, Fairplay and other advocacy groups have been advocating fiercely for Congress to pass two bills: COPPA 2.0, which would update the data privacy rules for minors, and the Kids Online Safety Act (KOSA), which would create a duty of care for social media platforms to prevent harm. KOSA would give the FTC and state attorneys general enforcement authority.  

Both bills advanced out of the Senate Commerce Committee with bipartisan support in July. The bills also received bipartisan support from the committee last year but failed to make it to a full floor vote before the end of the session.  

Although they have bipartisan support, there is a coalition of LGBTQ rights groups that have raised concerns that KOSA could be weaponized by state attorneys general to censor information about LGBTQ health. 

Golin said he understands the concerns raised, but the current version of the legislation has narrowed the definition of duty of care “to such a way that there is no legal way for an attorney general to use that to censor LGBTQ content.”  

“I think that the opponents of KOSA are making a lot of assumptions and using a lot of hypotheticals and stating that as if those are 100 percent what’s going to happen. And we fundamentally disagree with those hypotheticals,” he said.  

“I would not support a bill if we believed it was going to be used in ways that was harmful to LGBTQ children,” he added.

Golin said he’s also been encouraged in the space by building momentum, especially since whistleblower Frances Haugen stepped forward two years ago with internal company documents and allegations that Facebook, now under the parent company name Meta, prioritized profits over kids’ safety. Meta has pushed back on Haugen’s allegations. 

“It’s gone from being a very lonely space where raising awareness was the best possible outcome, to being an advocacy space where we have so many partners, so many different types of partners, and where it feels like policy solutions are possible,” Golin said.  

President Biden also urged Congress to pass legislation aimed at protecting kids online during his State of the Union address, and dozens of states last month sued Meta over allegations it designed and deployed features that harmed young users. 

“Our eggs are not all in one basket,” Golin said.  

“We’re not dependent on one of these things to get the job done,” he said.  

Golin said the advances he’s seen so far keep him motivated to continue.  

“It would be hard to do something for 20 years if you didn’t feel like we were making enormous progress,” he said.

He also said working with parents who advocate on behalf of children they lost after experiencing cyberbullying or other harms on social media has been the “most motivating experience of my entire life.”

“These are parents who have experienced the absolute worst the internet has to offer, and they are fighting for change every day,” Golin said.

“And if they can keep going after what they’ve been through, I certainly can, too,” he added.


Ransomware attack forces hospitals in multiple states to divert some emergency room patients

Hospitals in multiple states have been diverting patients from their emergency rooms due to a recent cyberattack on a major health system.

Ardent Health Services, a company that owns hospitals in six states, said Monday that it had been victimized by a cyber event on Thanksgiving that turned out to be a ransomware attack.

“As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs,” Ardent said in a Monday statement.

Ardent in the statement said that out of “an abundance of caution,” its hospitals were rescheduling “some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online.”

According to NBC News, Ardent said the attack occurred in states including Oklahoma, Texas and New Mexico. 

NBC reported that spokespeople at three Ardent-owned hospital chains told their reporters that some emergency rooms were being diverted as Ardent dealt with the cyberattack.

Ardent in its statement said its patient care, however, continues to be delivered “safely and effectively.”

“In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics,” Ardent said in its Monday statement.

Ardent said it “cannot confirm the extent of any patient health or financial data that has been compromised.”

“The investigation and restoration of access to electronic medical records and other clinical systems is ongoing,” the Ardent statement read. “Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.”

In a statement emailed to The Hill, Ardent said each of its hospitals “will continue to evaluate” their “ability to safely care for critically ill patients” in their Emergency Rooms.

“Because this is rapidly changing and dependent upon a number of factors, we will continue to update our status as the situation changes,” the emailed statement read. “All hospitals continue to provide a medical screening exam and stabilizing care to any patients arriving at our Emergency Departments.”

Updated 2:37 p.m.


Majority in new survey worried about being tricked by scammer

The majority of respondents in a new survey say they are worried about being tricked by a scammer, making it the second-highest crime concern for Americans.

In a Gallup survey released Tuesday, 57 percent of respondents say they either frequently or occasionally worry about being tricked by a scammer or providing access to a financial account.

That concern ranks only behind the worry of being the victim of identity theft, which concerns 72 percent of Americans. Getting one’s car stolen or broken into is the only other crime that concerns a majority of Americans, with 51 percent saying they worry about it frequently or occasionally.

Asked to indicate which crimes they worry about frequently or occasionally, 44 percent selected home burglary when they were not home; 42 percent selected having a school-aged child physically harmed while attending school; 37 percent said getting mugged; 33 percent said being attacked while driving a car; 30 percent said being a victim of a hate crime; 28 percent said getting murdered; and 27 percent said being sexually assaulted.

The Gallup survey suggested people’s concerns about scammers may be justified. Asked to indicate which crimes they have experienced or someone in their household has experienced in the past 12 months, 8 percent said they have been tricked by a scammer into sending money or providing access to a financial account, and 15 percent said someone in their household has been victimized by this crime.

Eleven percent of respondents said they have been the victim of identity theft; 9 percent said they personally have had their home, property or car vandalized; and 9 percent said they personally have had money or property stolen from them. Sixteen percent said these crimes happened to someone in their household.

This year marked the first time Gallup included scamming in its annual measure of Americans’ crime victimization.

While every subgroup of Americans seemed susceptible to scammers, U.S. adults who have not graduated college and those with lower incomes were more likely to report falling victim to scams in the past 12 months.

Twenty percent of respondents with an annual income of less than $50,000 reported someone in their household fell victim to a scammer, including 12 percent who identified themselves as the victim. Twenty-one percent without a college degree said someone in their household was a victim of a scam, including 11 percent who identified themselves as the victim.

Contrary to some beliefs, younger people reported more often falling victim to scams in the past 12 months: 22 percent of adults ages 18-29 said someone in their household was scammed, including 10 percent who said they were personally; 17 percent of adults ages 30-49 reported someone in their household was scammed, including 9 percent who said they were personally.

Adults ages 50-64 were least likely to report falling victim to a scam, with 9 percent reporting someone in their household falling victim to a scam, including 5 percent personally. Thirteen percent of adults ages 65 and older fell victim to a scam, including 9 percent who personally have been.

The survey was conducted Oct. 2-23 and was based on telephone interviews with 1,009 U.S. adults. The margin of error is 4 percentage points.


Republican congressman says labor crunch biggest threat to US cybersecurity

Rep. Andrew Garbarino (R-N.Y.) said during a Thursday morning event that labor shortages within the cyber sector present the biggest long-term threat to U.S. cybersecurity. 

“Workforce — in five years, if we don’t fix this workforce problem, that is probably the biggest threat that we have toward ensuring that when it comes to cybersecurity,” Garbarino said. 

The GOP lawmaker spoke at a panel hosted by Punchbowl News, where he discussed the future of cybersecurity and artificial intelligence’s (AI) place in it.

Garbarino stressed that the workforce shortage in the cyber sector, which, according to cybersecurity workforce analytics platform Cyber Seek, currently sits at more than 570,000 job openings, creates opportunities for “bad actors” such as China, Russia, Iran and North Korea to “attack” companies and the U.S. government. 

It’s not only the shortage of workers that concerns Garbarino, but the pressure building across sectors to hire highly skilled workers equipped to fight against ransomware and other attacks.

Garbarino began sharing these concerns about the ongoing labor crunch in June during a House Homeland Security Committee subpanel hearing. 

“We need not only enough people, but the right people with the right skills in the right jobs to meet the growing cyber threat,” Garbarino said.

Former National Cyber Director Chris Inglis, who urged the government to hire more workers in cyber and tech during that same hearing, mentioned that the administration has “been successful in filling two-thirds of the jobs that have the word ‘cyber’ and [‘information technology’] in it, and that’s the good news.” However, he said that there is still more that needs to be done. 

For Garbarino, part of the solution is not only strengthening partnerships in the private and public sectors, but shrinking the information gap between the sectors about the rapid development of AI. 

“It is a steep learning curve, even for me, because AI can touch so many different aspects — there’s a whole cybersecurity aspect when talking about AI,” Garbarino said. 

The lawmaker also said that Congress could contribute to solving the workforce deficit by incentivizing schools, through additional funds, to adjust their curriculum to offer cyber-related classes.

“We can help give money to schools — I’m talking about K-12 — to change the curriculum, so people are starting to focus on cyber at a young age,” Garbarino said. 


Vietnam agents tried to plant spyware on phones of US lawmakers and journalists: probe

Vietnamese government agents apparently targeted several U.S. lawmakers and journalists with spyware using public posts on X, the platform formerly known as Twitter, according to an investigation by Amnesty International and a consortium of media outlets.

Rep. Michael McCaul (R-Texas) and Sens. John Hoeven (R-N.D.), Chris Murphy (D-Conn.) and Gary Peters (D-Mich.) were all tagged in posts earlier this year that featured malicious links to install Predator, a spyware similar to Pegasus, the investigation found.

McCaul, who serves as the chairman of the House Foreign Affairs Committee, was allegedly targeted in a reply to a tweet from Taiwan’s Ministry of Foreign Affairs, while Hoeven was allegedly targeted in a reply to a post from Taiwanese President Tsai Ing-wen about the senator’s visit.

Peters, the chairman of the Senate Homeland Security Committee, and Murphy, a member of the Senate Foreign Relations Committee, were both tagged in a reply to a tweet from an Albanian politician about their visit to the Balkan nation.

CNN, its chief national security analyst Jim Sciutto and two other reporters based in Taiwan were also targeted with malicious links to install the Predator spyware, the investigation found.

Most of the posts on X came from the account @Joseph_Gordon16, which has since disappeared from the social media platform, and often included links that mimicked news sites. 

The Washington Post reported that none of the targeted individuals it reached out to said their devices had been infected with the spyware. The Post was part of the consortium of outlets participating in the investigation.

Amnesty International said its findings “suggest that agents of the Vietnamese authorities, or persons acting on their behalf, may be behind the spyware campaign.”

The group said Vietnam’s Ministry of Public Security had signed a deal with a company tied to Predator’s developers through what researchers dubbed the “Intellexa alliance” and appeared to receive technology shipments through its intermediaries.

“The combination of technical research and evidence of Intellexa alliance sales to Viet Nam, suggests that the operator of the account had close links to Viet Nam and may have been acting on behalf of Vietnamese authorities or interest groups,” Amnesty International said in its report.

The Post reported that the Vietnamese government declined to comment. The Hill has reached out to Vietnam’s Embassy in Washington for comment.


Jury selection to begin in trial of fallen cryptocurrency mogul Sam Bankman-Fried

NEW YORK (AP) — Sam Bankman-Fried, a tech wunderkind who once promoted his FTX digital coin exchange as a safe way for regular people to get into cryptocurrency, faces the start of a criminal trial over allegations that he cheated thousands of customers.

Jury selection begins Tuesday in New York in a case in which the 31-year-old crypto mogul, once a billionaire, faces the possibility of a long prison term.

Prosecutors say he defrauded thousands of people who deposited cryptocurrency on the FTX exchange by illegally diverting massive sums of their money for his personal use, including making risky trades at his cryptocurrency hedge fund, Alameda Research. He’s also accused of using customer money to buy real estate and make big political contributions as he tried to influence government regulation of cryptocurrency.

U.S. Attorney Damian Williams, who is overseeing the prosecution, has called it one of the biggest frauds in the country’s history.

In interviews and social media posts, Bankman-Fried has acknowledged making huge mistakes while running FTX but insisted he had no criminal intent.

He has blamed FTX’s collapse last November, in something equivalent to an old-fashioned bank run, on vindictive competitors, his own inattentiveness and fellow executives who he said failed to manage risk properly.

“I didn’t steal funds, and I certainly didn’t stash billions away,” he said in a post earlier this year on the online platform Substack.

As recently as early last fall, Bankman-Fried portrayed himself as a stabilizing force in the cryptocurrency industry. He spent millions of dollars on celebrity advertisements during the 2022 Super Bowl that promoted FTX as the “safest and easiest way to buy and sell crypto” and “the most trusted way to buy and sell” digital assets.

Comedian Larry David, along with other celebrities such as football star Tom Brady and basketball star Stephen Curry, has been named in a lawsuit that argued their celebrity status made them culpable for promoting the firm’s failed business model.

Bankman-Fried is charged with wire fraud and conspiracy. The trial is expected to end before Thanksgiving.

Bankman-Fried agreed to be extradited to the United States after his arrest in the Bahamas last December, weeks after FTX’s abrupt collapse as customers pulled deposits en masse amid reports questioning its financial arrangements.

While his plane to the U.S. was in the air, authorities announced that two of his top executives had secretly pleaded guilty to fraud charges and were prepared to testify against him. They were Bankman-Fried’s former girlfriend Caroline Ellison, who had been the chief executive of Alameda Research, and Gary Wang, who co-founded FTX.

Initially freed on a $250 million personal recognizance bond, Bankman-Fried was confined to his parents’ home in Palo Alto, California, until Judge Lewis A. Kaplan ordered him jailed last month after concluding that he’d tried to influence witnesses including Ellison and an FTX general counsel.

His lawyers have appealed that decision and repeatedly said their client can’t properly prepare for trial. But the 2nd U.S. Circuit Court of Appeals rejected an appeal of the detention order, saying the judge had thoroughly considered all relevant factors and defense arguments were unpersuasive.


Rising cyberattacks on schools put students at risk

Cyberattacks on schools put students in a dangerous position as many struggle to understand the specific risks after an attack.

Education has become the fifth most targeted industry for data breaches, according to a recent report from Nord Security, with U.S. schools experiencing a sharp increase in hacks in recent years.

American children typically lack the financial data often sought in a cyber strike, but experts warn about the potential for long-term identity theft and emotional distress these events can leave behind, in addition to interfering directly with classes.

“No matter how you conceive of the issue, these incidents are getting more significant, more severe,” said Doug Levin, national director for K-12 Security Information eXchange (K12 SIX). “You could measure that in terms of the amount of money responding to these incidents costs, [or] it could be in the amount of data or sensitivity of the data that is being stolen and leaked.”

The Government Accountability Office (GAO) said the “scale and number of attacks” particularly soared during the COVID-19 pandemic, when most schools had to go to remote learning. The most common types of cyber strikes against educational institutions include ransomware, phishing, distributed denial of service attacks and video conferencing disruptions.

K12 SIX found 1,619 cyberattacks on schools from 2016-22. The two biggest from last year targeted the public school districts in New York City and Los Angeles.

“Unfortunately, as expected, data was recently released by a criminal organization,” Alberto M. Carvalho, superintendent of Los Angeles Unified School District, said at the time. “In partnership with law enforcement, our experts are analyzing the full extent of this data release.”

Some of the consequences for schools during a data breach are obvious, including hackers getting access to bank and other financial information of employees. 

But students and parents face their own unique challenges in the aftermath, including sometimes missing school days as criminals hold systems hostage.

“Ransomware is the type of incident that has led to school closures,” Levin said, adding that such incidents have resulted in “school districts out millions of dollars, sometimes paying extortion demands of ransomware actors, other times spending that money just in remediating what it allowed to be compromised in the first place.”

The GAO found school districts can lose anywhere from $50,000 to $1 million after a breach.

The attacks have led to “days that schools have had to shut down and not be able to provide services or had other disruptions to the day-to-day work of schools and teachers and kids,” Levin said. 

And while many students have little financial information in the school system, their profiles can be surprisingly attractive to criminals.

“We basically have an environment in which we have hundreds of thousands of minors who have clean credit reports, so identity theft is a very real concern,” said Linnette Attai, president of PlayWell LLC, a data privacy consulting firm.

Identity theft for students is a particularly hard issue to tackle, especially for the very young. While adults may be able to notice right away if someone is trying to take over their bank account, students might not find out for years to come.

“We actually strongly encourage all parents, not just parents whose kids have been victimized by an incident in school, that all parents freeze their credit records of their children,” Levin said.

And even if there is no specific financial damage, experts say cyberattacks on schools can leave behind an environment of fear. 

“What this causes for students and parents is — and I don’t think this can be understated — is tremendous mental and emotional anguish. Imagine that your very life was out there for strangers to see you … what you ate for lunch, how you did in class, whether you acted up that day, how many times you go to the school nurse and for what and how many sit-ups you did in gym class,” Attai said.

“Whether or not you have special tutoring or accommodations, whether or not you’ve got an [Individualized Educational Plan] or have certain vulnerabilities, special needs. All of that was just out in the open for people with bad intentions to see. It’s incredibly distressing,” she added.


Casino giant Caesars reports cyberattack

Caesars Entertainment, the casino company, reported that it was hit by a cyberattack Thursday, according to The Associated Press.

In a report to federal regulators, the company said its casino and online operations were not disrupted. The reported cyberattack comes after MGM Resorts International, another casino company, said “cybersecurity issues” resulted in a shutdown of some casino and hotel computer systems Sunday.

Caesars told the Securities and Exchange Commission that it couldn’t guarantee the security of personal information about tens of millions of customers in the wake of a data breach Sept. 7. Information that could’ve been exposed includes driver’s license and Social Security numbers of loyalty rewards members.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor,” the company said, according to the AP. “Although we cannot guarantee this result.”

The FBI is investigating the MGM incident.

In a statement to The Hill, the agency confirmed it is investigating but would not provide additional details citing ongoing investigations.

The Hill has reached out to Caesars Entertainment and MGM Resorts International.

Updated at 3:24 p.m.