DHS official briefs senators on state ransomware threats in classified meeting

Wednesday’s briefing reportedly cited an August ransomware incident that affected 23 local governments across Texas.
Capitol Congress lawmakers legislators Washington D.C.
The measure was just one of several cybersecurity-related issues the committee put into the bill, the text of which was released publicly Thursday. (Getty Images)

The head of the Department of Homeland Security’s cybersecurity division on Wednesday provided senators with a classified briefing on ransomware attacks, the latest indication of the threat the file-locking malware poses to state and local governments.

Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), briefed the Senate Cybersecurity Caucus, a bipartisan group of lawmakers led by Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo. The newest member of the caucus, Sen. Maggie Hassan, D-N.H., confirmed the briefing in a statement.

“From ransomware attacks on local hospitals to a hack of federal government records, cyberattacks pose a serious threat to our communities and national security,” Hassan said.

In the last few years, poorly secured U.S. businesses, schools, and local governments have lost millions of dollars after ransomware infections. Over 100 public-sector ransomware attacks have been reported in 2019 alone, double the amount in 2018. This classified briefing followed an unprecedented, closed-door summit held by the FBI with the private sector in September that sought new ways of combatting ransomware attacks.


Details of specific topics covered during the session were shielded from the public due to the classified nature of the briefing. A CISA spokesperson did not immediately respond to a request for comment on the matter.

The briefing did cite as a case study an Aug. 16 ransomware incident that affected 23 local governments across Texas, according one person familiar with the briefing.

While many details of that attack have still not been disclosed — including the full list of communities impacted — it was initially directed at a managed service provider that transmitted a ransomware virus, alternatively known as Sodinokibi or REvil, to the victims with a $2.5 million demand. None of the victims in that attack are known to have paid the ransom.

The Texas attack prompted a response that included nearly a dozen state and federal agencies, and two ransomware attacks this year in Louisiana resulted in the declaration of statewide emergencies.

The Washington Post reported that Wednesday’s briefing would also cover ransomware’s potential impact on election security and what senators could do to address security vulnerabilities in their states.


The Senate last month passed a bill, sponsored by Gary Peters, D-Mich., and Rob Portman, R-Ohio, designed to create new DHS grants and other programs to help state and local governments defend themselves against cyberattacks, particularly ransomware. A Senate Homeland Security and Government Affairs Committee aide said the panel is currently working with its House counterpart to determine a path forward.

Latest Podcasts