Hillicon Valley — Presented by LookingGlass — Hackers are making big money

Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-release.thehill.com/newsletter-signup.

The Treasury Department released a report Friday illustrating the massive financial toll ransomware attacks have taken in the first half of 2021 alone, with the report showing millions in ransomware payments made by victims.

Meanwhile, Netflix chose to fired an employee who was planning to lead a transgender walkout due to an alleged data leak. 

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Let’s jump in.

Treasury reports massive increase in ransomware payments in first half of 2021 

A report released by the Treasury Department Friday found that around $590 million had been paid by victims of ransomware payments to their attackers in the first six months of 2021, as such attacks skyrocketed. 

The findings were part of a report released by the Treasury’s Financial Crimes Enforcement Network’s (FinCEN), which concluded that based on suspicious activity reports filed during the first half of 2021, “ransomware is an increasing threat to the U.S. financial sector, businesses, and the public.”

Just over 450 ransomware payments were reported to FinCEN between the beginning of January through the end of June, with the amount of suspicious activity reports increasing by 30 percent from last year. The amount paid by victims also massively increased compared to 2020, when $416 million was paid out over the entire year. 

“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” Deputy Treasury Secretary Wally Adeyemo said in a statement Friday. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”

The report found that bitcoin was the most common payment method for victims to pay ransomware demands, highlighting an increasing area of concern for officials as a result of ransomware payments. The Treasury Department issued its first sanctions against a virtual currency exchange last month, targeting SUEX CO. for allegedly facilitating ransomware payments. 

Read more here.

A MESSAGE FROM LOOKINGGLASS

 

In 2021, LookingGlass observed 170,000 instances of DIB assets acting as C2s for malware. Learn how LookingGlass can provide a global attack surface view to better protect critical infrastructure.

NETFLIX IN HOT WATER

Netflix has fired the individual who was planning the transgender employee walkout to protest the David Chapelle special over an alleged data leak at the company.

The employee who was fired, who is Black and pregnant, was a leader of the transgender employee resource group and organizing the Oct. 20 walkout, The Verge reported. The employee asked to remain anonymous due to fear of backlash. 

“We have let go of an employee for sharing confidential, commercially sensitive information outside the company,” a Netflix spokesperson said in a statement to the outlet.

“We understand this employee may have been motivated by disappointment and hurt with Netflix, but maintaining a culture of trust and transparency is core to our company,” they added.

Many spoke out against Netflix after the David Chapelle special was aired, as people said his comments were transphobic and the company should not have allowed it on its platform. 

Read more here.

POTENTIAL PLEA DEAL

An associate of former President Trump‘s son-in-law Jared Kushner has entered plea discussions concerning cyberstalking allegations, according to Bloomberg News.

Ken Kurson, who was previously pardoned by Trump over similar allegations at the federal level, was charged with two felonies in August for allegedly using spyware to monitor his former wife’s computer activity.

Kurson is accused of using the spyware to access the passwords to his former wife’s emails and social media accounts. During their divorce proceedings, Kurson also allegedly stalked and threatened several people.

Manhattan District Attorney Cy Vance Jr. (D) pledged earlier this year to charge Kurson at the state level.

Read more here.

 

A MESSAGE FROM LOOKINGGLASS

 

Protect critical infrastructure with an outside-in approach and actionable threat intelligence. Learn how LookingGlass can help mitigate vulnerabilities, exposures, and threats before an attack occurs.

BITS AND PIECES

An op-ed to chew on: Frances Haugen is the exception, not the rule

Lighter click: Happy Halloween!

Notable links from around the web:

The Fight for Sneakers (The New York Times / Daisuke Wakabayashi)

Sex Workers Say Mastercard Ignored Their Concerns About New Regulations (Motherboard / Samantha Cole)

Facebook’s Fall From Grace Looks a Lot Like Ford’s (Wired / Mar Hicks)

One last thing: ICYMI, Missouri officials aren’t happy

The Missouri Department of Elementary and Secondary Education (DESE) has labeled a journalist a “hacker” with Gov. Mike Parson (R) threatening legal action after the journalist warned the department there were security flaws on its website.

A journalist from the St. Louis Post-Dispatch alerted the education department to a security flaw on its website that showed more than 100,000 teachers’ Social Security numbers.

The outlet delayed publishing the story to give the department time to fix the problem, with the department, at first, working with the outlet on the issue and saying it would give updates to the Post-Dispatch.

“We have worked with our data team and the Office of Administration Information Technology Services Division to get that search tool pulled down immediately, so we can dig in to the situation and learn more about what has happened,” department spokeswoman Mallory McGowin told the outlet Tuesday with plans to give more information on Wednesday.

However, the department backed out of the Wednesday plan and instead released a statement saying the flaw was found by a hacker.

The DESE said a “hacker” stole “the records of at least three educators” who would be contacted shortly, according to the Post-Dispatch. The statement was not immediately available as the department’s website is down. 

The governor repeated that version of the story in a press conference Thursday where he threatened legal action against the journalist.

Read more here.

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Monday.