FBI To Congress: Banning Ransomware Payouts Could Backfire


Approaches to ransomware payoffs are getting a lot of attention from government agencies, cybersecurity firms and think tanks, but the FBI has now handed down its official recommendation to Congress: Don’t make the payments illegal, CNN reported on Wednesday (July 28).

“If we ban ransom payments now, you’re putting U.S. companies in a position to face yet another extortion, which is being blackmailed for paying the ransom and not sharing that with authorities,” Bryan Vorndran, assistant director of the FBI’s cyber division, said at a Senate Judiciary Committee hearing on ransomware. If payments to data thieves were banned, hacker gangs could see that as a chance to expand their circle of extortion, Vorndran said.

Overall, regulators in the U.S. have largely frowned upon the paying of ransom by companies that had important data hijacked, but have yet to devise a way to stop the behavior. Cybersecurity professionals have said in the past that it can be tempting for firms to pay as a way to quickly resolve the situation. “It’s a really complicated conversation, but it’s our position that banning ransom payments is not the road to go down,” Vorndran said.

A report by the ransomware task force, which was released in April by the Institute for Security and Technology, declined to make a specific recommendation regarding ransomware payments.

At a recent House Energy and Commerce subcommittee hearing on ransomware, Institute for Security and Technology CEO Philip Reiner said that the landscape is “not ready” for a ban on ransomware payments.

Two weeks ago, the ransomware task force offered a reward of up to $10 million for any information leading to the identities of cyber thieves. Since 2016, there have been 4,000 ransomware attacks every day — that’s about one every 11 seconds.

The expanding global threat of ransomware attacks prompted the U.S. Department of Justice (DOJ) and Department of Homeland Security (DHS) to launch the website StopRansomware to offer resources. Last year, hackers were paid $350 million in ransom payouts — a 300 percent increase.