DHS: Einstein working to stop ransomware attacks


The Department of Homeland Security’s Einstein program is helping to block malicious software that uses encryption as an extortion tool, officials say, but ransomware cost the private sector $24 million last year and the government is also being attacked.

“Einstein capabilities are equally effective at detecting and blocking ransomware attack as with any other type of known malware,” DHS told the Senate Homeland Security Committee, in a response released this week.

The FBI’s Internet Crime Complaint Center reported that individuals have filed 7,694 ransomware complaints since 2005, with losses totaling about $58 million, according to a response by the Department of Justice to the same Senate committee.

And in a separate figure given to FedScoop by the bureau, there were $24 million in victim losses just last year.

Ransomware can infect computers through phishing attacks, as well as malicious links or downloads. Once installed on a victim’s computer, it automatically encrypts documents and other data on the infected hard drive. To get the key needed to decrypt their data, victims must pay a ransom, generally anywhere between $200 and $10,000, usually with Bitcoin or another anonymous digital currency.

Since June 2015, DHS told the committee, there had been 321 ransomware incidents reported by 29 different agencies. Not every report was a successful attack, according to the response, and many were stopped by agencies’ security centers. 

When ransomware did infect a fed’s computer, “the system was removed from the network and replaced with a new, clean system with minimal impact to the user and agency,” the response said. 

No agency had ever paid a ransom, DHS said.

DHS Secretary Jeh Johnson defended Einstein in January, after a scathing Government Accountability Office report and other officials claimed the program depended on dated technology and wasn’t meeting expectations. The newest phase, Einstein 3A, successfully blocked many attacks and defends the majority of the government, Johnson said.

While Einstein and other programs may be stopping some attacks, the virus is constantly changing and morphing, making it hard for defenders to create a comprehensive solution, said John Miller, director of ThreatScape Cyber Crime at iSIGHT Partners.

Ransomware has ravaged the private sector, becoming the culprit behind many attacks on hospitals in the last month, including Methodist Hospital in Kentucky. On Tuesday, MedStar Health Hospital in Baltimore shut down all networks after a virus denied the hospital access to its computers. For about two days, the hospitals had to use a paper backup system. While hospital officials did not say the attack was ransomware, many employees and sources said the virus required them to pay a fee to enter, according to The Washington Post.

In both sectors, common sense might be the best defense, Miller said. He recommended that companies and agencies back up their data and be cautious of suspicious emails and downloads.

“The government has the responsibility to monitor these types of attacks, but the issue is more than that,” Miller said. “There needs to be work done to empower people and workers to protect themselves and learn how to be ready for the worst.”

Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com. Follow him on Twitter @JeremyM_Snow.
