Senate ransomware investigation says FBI leaving victims in the lurch

Written by Tonya Riley

The FBI might be coming up short when helping ransomware victims restore their systems, according to an investigation released Thursday by the Senate Homeland Security and Governmental Affairs Committee’s ranking member Rob Portman, R-Ohio.

Senate investigators plumbed three case studies of ransomware attacks against U.S. companies within the past five years. All three companies interviewed for the investigation reported the attacks to the FBI at the time, but only two pursued assistance. All three attacks were committed by REvil, the notorious Russian ransomware gang that drew intense scrutiny from U.S. law enforcement last year after major attacks on software supplier Kaseya and global meat supplier JBS.

The Senate committee report withholds the names of the victims and dates of the attacks to protect victims from potential retaliation from hackers, a committee aide said in a call with reporters. The aide declined to say if the attacks were previously publicly reported.

The report notes that both companies that sought out assistance from the FBI found the response lacking.

“They told the Committee that the Federal Bureau of Investigation (FBI) prioritized its investigative efforts into REvil’s operations over protecting the companies’ data and mitigating damage,” the report notes. “Both companies also indicated they did not receive advice on best practices for responding to a ransomware attack or other useful guidance from the Federal Government.”

In the case of “Entity A,” a Fortune 500 company, the FBI reportedly offered a hostage negotiator with no experience in ransomware. Neither of the companies in the report interacted with CISA during their response to the attacks, according to investigators.

There have also been publicly reported cases of the FBI leaving victims in the lurch. The FBI reportedly withheld a decryption key that could have helped hundreds of Kaseya customers in order to not tip off REvil to an operation against the group, The Washington Post reported in September.

When asked about the decision at a Senate Homeland hearing,…