In just the past month, major companies have made multimillion-dollar payments to ransomware hackers to get their systems back online. But even so, the FBI still discourages ransomware victims from paying up.
"It is our policy, it is our guidance, from the FBI, that companies should not pay the ransom for a number of reasons," FBI director Christopher Wray testified Thursday before the House Judiciary Committee.
For one thing, the FBI believes paying these ransoms only encourages more cyber attacks. For another thing, companies or governments that pay millions to hackers still might not get their data back, "and that's not unknown to happen," Wray said.
Ransomware is one of the biggest cyber security threats facing businesses today. It's a type of malware that attackers can use to lock a device or encrypt its contents so they can extort money from the owner or operator.
Given its potential to deliver a high return on investment and the relative ease at which it can spread, this type of attack has become extremely popular among cyber criminals.
Just recently, two major ransomware cases have illustrated the dangers:
On Wednesday, JBS Foods, the world's largest meat processor, confirmed it paid an $11 million ransom to hackers who compromised its IT systems late last month. The company, which produces close to a quarter of the US' beef, fell victim to a ransomware attack on May 30. The firm was forced to suspend all affected systems and, in some areas, shut down production for 24 hours.
Last month, Colonial Pipeline, which transports nearly half the fuel consumed on the East Coast, confirmed the company paid $4.4 million to cyber criminals who launched a ransomware attack against it earlier in the month.
The Department of Justice ended up recovering $2.3 million of that ransomware payment by tracking Bitcoin transfers.
FBI Director Wray told Congress on Thursday that, in addition to helping companies that way, the FBI has sometimes obtained hackers' encryption keys and unlocked the seized data without paying a dime.
RELATED RESOURCE
Defend your organisation from evolving ransomware attacks
Learn what it takes to reduce risk and strengthen operational resiliency
"There are a whole bunch of things we can do to prevent this activity from occurring, whether they pay the ransom or not, if they communicate and coordinate and work closely with law enforcement right out of the gate," he said. "That's I think the most important part."
Last week, the Justice Department announced it was elevating ransomware investigations to a similar status as terrorism. Internal guidance sent to US attorney's offices across the country said ransomware investigations in the field should be centrally coordinated with a new task force in Washington, DC.
-
From phone calls to roll calls: 3CX has the answerHow Yellowgrid, a 3CX Platinum distributor, has taken advantage of 3CX Phone System’s customisable nature to create a time-saving solution already embraced by over 100 UK schools
-
What is operational technology – and why is it at risk?Explainer As operational technology becomes more connected, securing it from cyber threats is more urgent than ever
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
