
FBI Investigating 100 Ransomware Variants


Federal law enforcement is investigating 100 different ransomware variants and now considers ransomware attacks as terrorism.

Many of the ransomware types the Federal Bureau of Investigation (FBI) is examining can be traced back to Russian hackers, Christopher Wray, the agency’s director, told the Wall Street Journal (WSJ) in an interview.

President Biden has been careful not to directly blame Russia's government for the attacks, but he has called on Russian President Vladimir Putin to track down and shut down ransomware groups that may be operating within Russia's borders.

Digital Ransomware and Physical Terrorism: Similarities?

In a startling statement, Wray compared the current rash of ransomware attacks, which has hit U.S. critical infrastructure, healthcare facilities, schools, large corporations and other lucrative targets, to the Sept. 11, 2001 terrorist attacks.

“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray said. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”

One monstrous difference, of course, is that the 9/11 terrorist attacks killed more than 3,000 people, suggesting that the director believes ransomware has the potential not only to disrupt major elements of the U.S. economy but also to cause significant deaths.

100 Ransomware Variants X 12 to 100 Attacks (Each)

Each of the 100 different malicious software variants is responsible for at least a dozen and perhaps as many as 100 ransomware attacks in the U.S., Wray said. “The scale of this problem is one that I think the country has to come to terms with,” he said in the interview.

Much of the hijacking malware is linked to Russian hackers, Wray and other top U.S. security officials have said. “Time and time again, a huge portion of those traced back to actors in Russia,” said Wray. In early May, the FBI linked the Russia-based DarkSide hacking crew to the forced shutdown of the Colonial Pipeline network. The good news: Federal investigators said they have recovered $2.3 million in bitcoin of the nearly $5 million the oil and gas supplier paid to Russian hackers following the attack.

Amid the Kremlin’s denials that it is backing cyber crews is U.S. skepticism that Russia is “serious about this issue,” Wray said. “There’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” he told the WSJ.

Ransomware Attack Trends: Frequency, Costs

Ransomware events have tripled in the past year based on complaints to the FBI and input from businesses, according to Wray. And, based on data compiled by some security specialists, the average ransom payment has spiked precipitously in the past two years as the type of attack has mutated from multiple, smaller forays to so-called big game heists.

According to Coveware's Quarterly Ransomware Report, the average ransom payment in the first three months of this year was $220,298, up 43 percent from $154,108 in the final three months of 2020. Figures from cybersecurity researchers at Palo Alto Networks are even more eye-popping, pegging the average ransom paid by victims in North America and Europe at $312,493 in 2020 for a 173 percent jump from $115,123 in 2019.

While ransomware had previously caught the federal government’s interest, it now has captured its full attention. Collectively and individually, the Department of Homeland Security (DHS), the Department of Justice (DOJ) and Congressional members are sounding a loud clarion call warning of ransomware’s potential to hijack organizations in the public and private sectors with losses reaching hundreds of millions of dollars. Biden administration officials have termed ransomware attacks a threat to national security and an epidemic. “The threat is real. The threat is upon us. The risk is to all of us,” DHS Secretary Alejandro Mayorkas said at a recent event.

Department of Justice Battles Ransomware

It’s not only DHS that has stepped up its efforts to home in on ransomware threats. The Department of Justice is forming a Ransomware and Digital Extortion Task Force to deal with ransomware with more training, resources and cross-agency sharing of threat intelligence. And, the law enforcement agency will launch a 120-day review of its strategy for defending the nation, including examining supply chain attacks, nation-state exploits, artificial intelligence, cryptocurrency and other emerging threats.

“There is a great deal to do, and we are launching this review to make sure we are bringing all the tools we can to address it,” Deputy Attorney General Lisa Monaco recently said at an international cyber conference.

As for DHS, the security agency and its cyber wing, the Cybersecurity Infrastructure and Security Agency (CISA), have launched a series of 60-day initiatives to tackle ransomware, protect critical infrastructure, build international partnerships and address other security priorities. In early March, Mayorkas announced that Federal Emergency Management Agency (FEMA) cybersecurity grants will be bumped up by $25 million across the U.S. as part of a wide initiative to derail ransomware.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.