Responding to a letter from Sen. Tom Carper, D-Del., DHS has said it either detected or received incident reports of ransomware-related activity specifically affecting 29 different agency networks since last June.
Carper, who chairs the Senate Homeland Security and Governmental Affairs Committee, asked DHS and Justice to provide information on the prevalence of ransomeware incidents in which thieves demand payment in order to restore a computer they have locked up with encryption.
According to DHS, not all of the 321 incident reports involved actual infection with ransomware. Some included attempted infection such as phishing emails or instances where ransomware was detected and eliminated before causing any damage.
Most actual infections of this this kind affected end-user workstations that were removed from their networks and replaced with new, clean systems with little impact on the user or agency.
Hospitals, larger organizations and even local police departments have been known to fork over money to get their data back, but DHS said it’s not aware of any instance in which a federal agency has done so.
