Sen. Portman’s Report Reveals FBI Failure to Support Ransomware Victims

An investigation by the ranking member of the Senate Homeland Security and Governmental Affairs Committee revealed that the FBI may not be doing enough to help ransomware victims restore their systems following an attack.

According to Sen. Rob Portman’s report, two victims that sought support reported that the bureau prioritized its investigative efforts over protecting the companies’ data and mitigating damages. The companies also reportedly did not receive advice from the FBI on best practices for responding to ransomware attacks.

The federal government also failed to offer other useful guidance regarding cyber incidents, the respondents said. The victims were hit with cyberattacks from REvil, a Russian ransomware group that attacked software provider Kaseya and meat supplier JBS, CyberScoop reported.

According to the report, one of the two companies said that the FBI offered a hostage negotiator with no experience in ransomware. Investigators also reported that the two companies did not relay the cyberattack to the Cybersecurity and Infrastructure Security Agency.

During a Senate Homeland Security Committee hearing, FBI Director Christopher Wray defended the bureau’s process by saying it makes decisions as a group, and the decisions it takes are designed to create maximum impact.

The report is not the first instance that reveals the FBI’s lapses in supporting victims of cyber incidents. In September 2021, the Washington Post reported a decision by the agency to withhold a decryption key that would have helped hundreds of Kaseya customers that have been affected by REvil ransomware.

The FBI said it decided to hold the release of the decryption so REvil will not be alerted about its counter operations.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Defense and Intelligence

Join Us Now