The FBI and Congress Weigh-in on Reporting Cyber Attacks

Posted June 22, 2021

According to research firm Cyber Security Ventures, a business will fall victim to a ransomware attack every 11 seconds this year. In many of those cases, such as Colonial Pipeline, many businesses have no plan for what they would do if they were attacked. Last year, crypto-ransomware payments overall more than quadrupled from 2019 according to Chainalysis. In April, a task force including Amazon Web Services, Microsoft, the FBI, the Secret Service, and others delivered recommendations to the White House on the ransomware threat. On the issue of delivering payments to attackers, the group was split. Part of the problem is that threat actors are getting savvier at placing their ransom demands. They are finding a sweet spot in ransom demands where it makes more sense for a business to simply pay the ransom instead of hemorrhaging cash due to paralyzed operations. As we highlighted last week, average ransomware payments increased by 43% from Q4 2020 to an average of $220,298.

The FBI still encourages businesses not to pay ransoms because every time a business pays, it encourages future attacks, and even after paying a business is not guaranteed to have its data restored or kept private. However, in recent testimony before Congress, FBI Director Christopher Wray emphasized the need for organizations to disclose attacks, especially to the FBI.

“Whether the company pays or not, what we really need is to make sure the companies, or other organizations who are victimized, reach out and coordinate with the FBI and with our partners as quickly and promptly as possible.”

The Director reiterated that in the case of the Colonial Pipeline attack, the reason the FBI was able to seize some of the ransomed bitcoin from the attackers and return the funds was that Colonial Pipeline informed the FBI of the attack early on. Director Wray was referring to the recent announcement from the US Justice Department that it had recovered 63.7 Bitcoins, valued at $2.3 million, which is approximately 1/2 of the total ransom paid by Colonial Pipeline.

The issue of ransomware payments is getting attention on Capitol Hill as well. Sen. Mark Warner, D-Va., is readying a bipartisan bill that would require some businesses to report cyber incidents to the government so law enforcement can quickly get involved. Warner expects the business community to be receptive to the legislation. He said it would include limited immunity for businesses in connection with the reports, which would be kept confidential between the government and private sector partners.

According to the World Economic Forum, ransomware is now a $1.5 trillion market. And in a recent move, the US Department of Justice elevated investigations of ransomware attacks to a similar priority as terrorism amid mounting damage caused by cybercriminals. The threat to businesses is likely to continue and increase. Contact us to learn how to prepare and protect your operations.

Kevin Willette

Kevin Willette is Partner / CEO of Verus Corp. His focus is ensuring complete customer satisfaction and providing as much or as little support as is needed for the individual client. Kevin knows that plenty of places do IT services, but what sets Verus Corp apart is the local feeling and the commitment to doing things right the first time. He has always wanted to be a business owner because it affords him the opportunity to offer a service that was better than anything clients had seen before. His true goal is to help customers make their businesses better by removing potential IT barriers. Kevin served as chair for Habitat for Humanity during his time at Minnesota State University, Mankato. He has also served on the WatchGuard Advisory Council since 2016. Kevin’s work with Verus Corp has helped them achieve awards as the WatchGuard Partner of the Year and Cisco Select Partner. Kevin graduated from Minnesota State in 2000 with a major in Business Marketing and minors in Business Administration and Music.