Business owners should not pay ransom to attackers threatening to lock up their systems in cyber intrusions, FBI Director Christopher Wray told a crowd in Newport News on Thursday.
Even if the ransom is paid, he said, the demands won’t stop.
“We strongly, strongly discourage paying the ransom,” Wray said before a packed audience at a homeland security symposium at Christopher Newport University.
“We need victims not to pay the ransom because that’s the gasoline that’s pouring on the fire,” Wray continued. “The more people pay, the price goes up and the more victims there are. So we have a shared common interest in not having the ransoms get paid.”
Wray has been at the helm of the FBI the past five years, leading the 35,000-employee bureau that investigates white-collar fraud, violent crime, child predators and national security breaches. On Wednesday, he was in Chesapeake to meet with leadership and hand out an award at the bureau’s Norfolk Field Office.
But his keynote address and a Q&A at CNU’s Gaines Theater focused largely on ransomware and other cyberattacks.
His discussion kicked off a symposium — “Protecting America’s Critical Infrastructure” — sponsored by the school’s Center for American Studies.
Ransomware is a growing kind of malware in which the attacker takes control of a user’s computer systems, or the device itself, and demands money in return for the encryption “key” to unlock access.
Companies sometimes pay to get their systems back up and running, which Wray said he understood.
“I recognize that these are difficult decisions for companies,” he said. “And as somebody who spent part of my career in the private sector representing companies, I fully get how complicated and thorny these things can be.”
But paying such ransoms “doesn’t guarantee you will be protected the way you’re hoping.”
“Start with the basics,” Wray said. “It’s not like with these guys their word is their bond, right?”
Moreover, he said, “we’re seeing double and triple extortion.”
“They’re not just locking up the systems,” Wray said. “They are stealing the information and then threatening to sell the information or release it to the public.”
And if a company pays, he said, “they’re going to keep coming at you.”
The best thing a company can do when hit with a ransomware attack, he said, is “to contact the FBI immediately.”
Wray talked of the agency’s big recent takedown of the “Hive” ransomware group. Hive’s 1,500 targets — including hospitals, school districts and financial firms — were based in 80 countries. More than $130 million in ransoms were demanded.