The FBI and Congress Weigh In on Reporting Cyber Attacks
According to research firm Cybersecurity Ventures, a business will fall victim to a ransomware attack every 11 seconds this year. In many of those cases, as with Colonial Pipeline, the business has no plan for what it would do if attacked. Last year, crypto-ransomware payments overall more than quadrupled from 2019, according to Chainalysis. In April, a task force including Amazon Web Services, Microsoft, the FBI, the Secret Service, and others delivered recommendations to the White House on the ransomware threat. On the issue of delivering payments to attackers, the group was split. Part of the problem is that threat actors are getting savvier at setting their ransom demands. They are finding a sweet spot where it makes more sense for a business to simply pay the ransom than to hemorrhage cash from paralyzed operations. As we highlighted last week, average ransomware payments increased by 43% from Q4 2020 to an average of $220,298.
The FBI still encourages businesses not to pay ransoms: every payment encourages future attacks, and even after paying, a business is not guaranteed to have its data restored or kept private. However, in recent testimony before Congress, FBI Director Christopher Wray emphasized the need for organizations to disclose attacks, especially to the FBI.
“Whether the company pays or not, what we really need is to make sure the companies, or other organizations who are victimized, reach out and coordinate with the FBI and with our partners as quickly and promptly as possible.”
The Director reiterated that in the case of the Colonial Pipeline attack, the reason the FBI was able to seize some of the ransomed bitcoin from the attackers and return the funds was that Colonial Pipeline informed the FBI of the attack early on. Director Wray was referring to the recent announcement from the US Justice Department that it had recovered 63.7 Bitcoins, valued at $2.3 million, which is approximately 1/2 of the total ransom paid by Colonial Pipeline.
The issue of ransomware payments is getting attention on Capitol Hill as well. Sen. Mark Warner, D-Va., is readying a bipartisan bill that would require some businesses to report cyber incidents to the government so law enforcement can quickly get involved. Warner expects the business community to be receptive to the legislation. He said it would include limited immunity for businesses in connection with the reports, which would be kept confidential between the government and private sector partners.
According to the World Economic Forum, ransomware is now a $1.5 trillion market. In a recent move, the US Department of Justice elevated investigations of ransomware attacks to a priority similar to that of terrorism amid mounting damage caused by cybercriminals. The threat to businesses is likely to continue and increase. Contact us to learn how to prepare and protect your operations.