The U.S. government lacks a complete picture of ransomware attacks that routinely cripple government and private sector networks, Roll Call reports. An investigation by the Senate Homeland Security and Governmental Affairs Committee released Tuesday found that the government lacks information on how much ransom was paid - typically, in the form of cryptocurrencies - by victims of ransomware attacks. It also found that the federal government "lacks the necessary information to deter and prevent these attacks, and to hold foreign adversaries and cybercriminals accountable for perpetrating them," said Sen. Gary Peters (D-MI).
In 2021, ransomware attacks affected at least 2,323 local governments, schools, and health care providers in the U.S.. That year, the FBI received 3,729 ransomware complaints with adjusted losses totaling $49.2 million. The data drastically "underestimates" the number of attacks and ransoms paid and the FBI considers numbers to be :artificially low," the committee said. The real cost of the attacks could range from several hundred million dollars to as much as $10 billion. Legislation sponsored by Peters and the committee’s top Republican, Sen. Rob Portman of Ohio, became law as part of the omnibus spending bill that passed in March. It is intended to address such gaps in information. The report recommended that federal agencies use a standard format to collect data on ransomware attacks and ransom payments “to facilitate comprehensive analysis.”