FBI Director Chris Wray has begged companies to stop paying hackers ransom money, saying it encourages cybercriminals to carry out more attacks.
Wray testified before a US Senate appropriations panel Wednesday for a bureau budget hearing where cybersecurity was one of the top issues on the agenda.
‘In general, we would discourage paying the ransom because it encourages more of these attacks, and frankly, there is no guarantee whatsoever that you are going to get your data back,’ he urged.
His comments come after several major companies have shelled out millions of dollars in ransom payments in recent months to hacking groups in efforts to get their systems back online.
Last month, Colonial Pipeline shelled out almost $5million to the criminal cybergroup DarkSide after it fell victim to an attack that forced the carrier of 45 percent of fuel to the East Coast to shut down its entire network and sparked a fuel crisis nationwide.
Wray warned public companies and other hacking victims Wednesday that paying ransoms to cybercriminals will only embolden them to ramp up future attacks.
He said the FBI is seeing increasingly sophisticated types of ransomware attacks and that cyber thieves have been demanding larger sums of money.
‘We’ve seen the total volume of the money paid I think triple over the last year or so,’ Wray said.
Instead of bowing to the demands of cybercriminals, Wray urged companies and municipal governments who become victims of attacks to turn to the FBI as soon as possible.
‘When they do, there’s all kinds of things that we can do,’ Wray said.
‘Sometimes through other work we’ve done, we might have the decryption key and be able to help the company unlock their data without having to pay the ransom.’
He added that ‘the most important thing is that [victims] reach out and connect… with us as quickly and transparently as possible.’
The FBI director told the panel there needs to be a greater focus on encouraging – and incentivizing – victims to work with authorities in handling a cyber attack.
‘If we don’t solve the riddle of how to get the private sector promptly and transparently working with us – and more and more companies, I should say, are doing that all the time – but if we don’t make that sort of the norm, we’re going to have a heck of a time winning this conflict,’ he said.
‘Anything that helps provide more incentive for that to happen, I think is a step in the right direction.’
The Justice Department revealed this month that officials managed to help Colonial Pipeline recover $2.3million of the almost $5million in cryptocurrency ransom it paid out to hackers.
The FBI was able to identify a Bitcoin wallet used by the DarkSide hackers to collect payment from Colonial.
The bureau was then able to recover those funds because it had a private key to unlock the wallet.
It was unclear how the FBI managed to access the key, with officials keeping the secret close to their chest to help in future incidents.
However, officials said even foreign-based cybercriminals like DarkSide often use US infrastructure at some point in the criminal enterprise, giving the US an entry to recover funds.
Bitcoin seizures by the federal government are relatively uncommon, but authorities have been stepping up their expertise in tracking the flow of digital money.
Colonial Pipeline was condemned by national security experts and members of Congress alike after it emerged it had paid close to $5million to DarkSide in exchange for a decryption key to restore access to its servers.
The pipeline was taken offline on May 7 in the attack, halting 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey.
The hack sparked concerns of a national fuel crisis with thousands of gas stations running out of fuel and motorists racing to fill up their cars, pushing the national average price of gas past $3 for the first time since 2014.
The FBI named DarkSide as the perpetrator of the attack.
DarkSide is believed to be based in Russia or Eastern Europe with ties to Russia.
Officials said the hack was the most disruptive cyberattack on energy infrastructure in American history.
But Colonial is not alone in forking out ransom money to meet the demands of hackers.
Earlier this month, it emerged that America’s largest beef supplier JBS paid an $11million ransom in Bitcoin to the hackers who shut down its US plants.
Andre Nogueira, the CEO for the Brazilian company’s United States division, told The Wall Street Journal the payment was made after most JBS plants were already up and running again as ‘insurance to protect our customers.’
He added: ‘It was very painful to pay the criminals, but we did the right thing for our customers.’
JBS learned of the attack early on May 30 after finding ‘irregularities’ on its servers and a ransom note.
This forced the supplier to shut down its computer servers, suspending meat production systems at its US plants for four days.
The scale at which victims of cyber attacks are bowing down to the will of hackers is not fully known, as many firms quietly pay ransoms without it being made public.
However, an analysis by blockchain analytics firm Elliptic last month found that DarkSide alone had bagged more than $90million in Bitcoin ransom payments from 47 victims in the nine months between October last year and mid-May, when the wallet shut down.
DarkSide bagged the most ransom money in February when it got more than $20million in payments from 11 victims.
Dark web intelligence firm DarkTracer identified 99 organizations that were infected with DarkSide, including fashion label Guess and car firm Toshiba.
This means roughly half of all organizations targeted by the cybercriminal gang paid ransom money with the average payment being around $1.9million, Elliptic said.
It is not clear which companies paid the hackers ransom money.
Of the more than $90million identified, $15.5million went to DarkSide’s developer and the remaining $74.7million went to its affiliates, Elliptic said.
Most ransom money paid to DarkSide was then sent to cryptoasset exchanges, where it could be swapped for standard currencies such as US dollars.
Wray is looking to allocate a significant part of the FBI budget to cybersecurity so the US can ramp up expertise in the wake of the spate of high-profile, crippling cyber attacks on major government agencies and public and private companies.
The FBI’s fiscal year 2022 budget proposal includes an additional $40million for cybersecurity investigations, including hiring 155 more experts in the field.
It also includes another $15million to help the FBI improve its own cybersecurity.
Joe Biden also vowed to put in measures to strengthen the US’s cybersecurity defenses following the Colonial Pipeline attack.