U.S. Rep. Carolyn Maloney (D-N.Y.) wants Colonial Pipeline and CNA Financial to disclose the decision-making processes that led them to pay cryptocurrency to recover data from ransomware attackers.
In letters sent to the firms Thursday, Maloney asked for documents outlining how these victims decided to pay the perpetrators, any documents or communications received from the attackers, whether any government agencies provided input and whether the firms checked to ensure they didn’t violate sanctions.
“I am extremely concerned that the decision to pay international criminal actors sets a dangerous precedent that will put an even bigger target on the back of critical infrastructure going forward,” the chair of the House Oversight Committee said in a statement.
In the letters, Maloney asks for “all responsive documents” that detail how the attack was discovered, whether the companies sought external consultation about paying the ransoms and documents detailing the decryption tools provided by the attackers. She set a June 17 deadline, giving the companies two weeks to gather these materials.