Sign up for more with a complimentary subscription to Today’s General Counsel magazine.
Ransomware Attack? What The FBI Can Do For You.
March 7, 2023
According to a senior FBI official, healthcare was the number one target for ransomware attacks last year, followed by manufacturing and government, including schools. The number one ransomware perp was LockBit, followed by BlackCat and Hive. The official, David Scott, who is deputy assistant director of the FBI’s Cyber Division, says that if it happens to you, the FBI can help.
Last year the Bureau received a total of 870 complaints regarding ransom attacks against critical infrastructure. according to Scott. “There are obviously many, many more that didn’t impact critical infrastructure,” he added, estimating that the FBI hears about only 20 to 25 percent of attacks that occur. Scott’s comments, delivered at a conference in Glascow, Scotland, were reported on the website HealthcareInfoSecurity. His ranking of targets and most active perpetrators was based on data from the FBI’s Internet Crime Complaint Center (IC3), which per its website is the nation’s “central hub for reporting cyber crime.” Companies are urged to use the site, both to file a complaint if they are hit and to get updates on the latest threats.
In his speech, Scott emphasized the FBI’s ability to act as a kind of consultant to companies that have been attacked. The HealthcareInfoSecurity post reports that another FBI official, in testimony before the House Judiciary Committee last year, said that the agency can put “a cyber-trained FBI agent on nearly any doorstep in this country within one hour,” and do the same in more than 70 countries within a day through partner investigators. Scott says that mandate is still operative. Decisions about paying the ransom, he says. remain with the victim.
Companies seething after an attack or on edge over the possibility of one might hope for more, mainly some blood, in the form of a preemptive takedown or an outright bust. They could get some satisfaction from a report in an older post from HealthcareInfoSecurity (“Who’s Disrupting Ransomware Groups’ Stolen Data Leak Sites? Major Drama in the Online Underworld”). It says that some of the best known ransomware groups had been knocked out, temporarily at least, by distributed denial-of-service attacks. That’s bad for their profits, and also for the brands, the writer notes. “It’s unclear if these disruptions might be the work of law enforcement or intelligence agencies. One theory is that rival operators are targeting each other,” he says.
Share this post: