FBI Director Christopher Wray says the bureau discourages ransomware payments to hacking groups, even as major companies participated in multimillion-dollar transactions aimed at bringing their systems back online in the past month. have taken.
WASHINGTON — The FBI director told lawmakers Thursday that the bureau discourages ransomware payments to hacking groups, even as major companies last month conducted multimillion-dollar transactions aimed at bringing their systems back online. has participated in.
“It’s our policy, it’s our guidance, from the FBI, that companies should not pay ransoms for a variety of reasons,” Christopher Wray testified under questioning from members of the House Judiciary Committee.
Aside from the fact that such payments may encourage additional cyber attacks, victims may not automatically get their data back, despite being duped of millions, “and it is not unknown for this to happen,” Ray. he said.
In ransomware attacks, hackers lock and encrypt the victim’s data and demand payment to return it. Targeting not only hospitals and police agencies but critical infrastructure and critical industries, they have grown massively over the past year. Some of the most recent major corporate targets have responded by paying the ransom, fearing that prolonged closures of their businesses could have disastrous consequences for the country and disrupt vital supply chains.
Colonial Pipeline, which transports about 45 percent of the fuel consumed on the East Coast, last month paid a ransom of 75 bitcoins — then valued at about $4.4 million — in hopes of getting its system back online.
On Wednesday, JBS SA, the world’s largest meat processing company, revealed it had paid the equivalent of $11 million to hackers who broke into its computer systems last month.
Colonial Pipeline CEO Joseph Blount told lawmakers this week that the decision to pay the ransom was the toughest choice of his career, but ultimately the right thing to do, especially given gas shortages in parts of the United States. He said that although the key given to the company to decrypt its data did not fully work, Colonial has resumed operations after a brief shutdown.
The Justice Department has said it was able to recover the majority of ransomware payments after locating a virtual wallet used by hackers. Ray said that in addition to helping companies in this way, the FBI has also in some cases been able to obtain hackers’ encryption keys and unlock confiscated data without any payment.
“There are many things we can do to prevent this activity from happening, whether they pay the ransom or not, if they communicate and coordinate with law enforcement out of the gate,” he said. “This is the most important part.”
Follow Eric Tucker at http://www.twitter.com/etuckerAP