In just the past month, major companies have made multimillion-dollar payments to ransomware hackers to get their systems back online. But even so, the FBI still discourages ransomware victims from paying up.
"It is our policy, it is our guidance, from the FBI, that companies should not pay the ransom for a number of reasons," FBI director Christopher Wray testified Thursday before the House Judiciary Committee.
For one thing, the FBI believes paying these ransoms only encourages more cyber attacks. For another thing, companies or governments that pay millions to hackers still might not get their data back, "and that's not unknown to happen," Wray said.
Ransomware is one of the biggest cyber security threats facing businesses today. It's a type of malware that attackers can use to lock a device or encrypt its contents so they can extort money from the owner or operator.
Given its potential to deliver a high return on investment and the relative ease at which it can spread, this type of attack has become extremely popular among cyber criminals.
Just recently, two major ransomware cases have illustrated the dangers:
On Wednesday, JBS Foods, the world's largest meat processor, confirmed it paid an $11 million ransom to hackers who compromised its IT systems late last month. The company, which produces close to a quarter of the US' beef, fell victim to a ransomware attack on May 30. The firm was forced to suspend all affected systems and, in some areas, shut down production for 24 hours.
Last month, Colonial Pipeline, which transports nearly half the fuel consumed on the East Coast, confirmed the company paid $4.4 million to cyber criminals who launched a ransomware attack against it earlier in the month.
The Department of Justice ended up recovering $2.3 million of that ransomware payment by tracking Bitcoin transfers.
FBI Director Wray told Congress on Thursday that, in addition to helping companies that way, the FBI has sometimes obtained hackers' encryption keys and unlocked the seized data without paying a dime.
RELATED RESOURCE
Defend your organisation from evolving ransomware attacks
Learn what it takes to reduce risk and strengthen operational resiliency
"There are a whole bunch of things we can do to prevent this activity from occurring, whether they pay the ransom or not, if they communicate and coordinate and work closely with law enforcement right out of the gate," he said. "That's I think the most important part."
Last week, the Justice Department announced it was elevating ransomware investigations to a similar status as terrorism. Internal guidance sent to US attorney's offices across the country said ransomware investigations in the field should be centrally coordinated with a new task force in Washington, DC.
-
AI coding tools are booming – and developers in this one country are by far the most frequent usersNews AI coding tools are soaring in popularity worldwide, but developers in one particular country are among the most frequent users.
-
Cisco warns of critical flaw in Unified Communications Manager – so you better patch nowNews While the bug doesn't appear to have been exploited in the wild, Cisco customers are advised to move fast to apply a patch
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
