FBI asks Congress for $40M to help combat wave of ransomware attacks
FBI Director Christopher Wray on Wednesday told a Senate panel that a request for a $40 million increase in its cybersecurity budget for the upcoming fiscal year would go in part towards combating increasing and damaging ransomware attacks.
“Our budget request, the enhancements we requested, include 155 positions and $40 million for cyber, and a huge part of that will be going very much to the ransomware campaign that we are working on,” Wray testified to the Senate Appropriations Committee’s Subcommittee on Commerce, Justice, Science, and Related Agencies.
Wray noted that the FBI is currently investigating over 100 types of ransomware variations, each of which he said had “scores and scores of victims,” and that enhancing the FBI’s ability to address ransomware attacks is a top priority.
“Our $40 million enhancement request is an important step toward ensuring that we have the right people and tools in place to address the evolving threats by some very sophisticated cyber adversaries,” Wray testified.
His comments came in the wake of two major ransomware attacks in recent weeks; an attack on Colonial Pipeline, which provides 45 percent of the East Coast’s gas, forced the company to shut down the pipeline for a week, leading to fuel shortages, and a ransomware attack on JBS USA, the nation’s largest supplier of beef, also threatened to disrupt food supply chains.
Both Colonial and JBS made the decision to pay the ransoms demanded in order to restart operations as quickly as possible. The FBI was able to recover just over half of the $4.4 million in Bitcoin that Colonial paid the hackers, whom the FBI assessed to be based in Russia.
Wray reiterated Wednesday that the FBI does not recommend paying ransoms, as it encourages future attacks and there is no guarantee victims will fully regain access to encrypted networks.
He stressed that any companies hit by ransomware attacks should immediately contact the FBI and other authorities to help respond to the incident.
“We encourage people when there is kidnappings of humans not to pay the ransom, but you want to have in effect the cyber equivalent of the FBI agent sitting there with the person talking to the hostage taker, because there are all kinds of things we can to help ensure a happy ending to the investigation if we are engaged early and transparently,” Wray said.
President Biden has made combating ransomware a major priority for his administration, and the Justice Department stood up a ransomware task force earlier this year. A top Justice Department official told Reuters earlier this month that the agency would begin giving ransomware investigations the same level of priority as terrorist attacks.