The United States Federal Bureau of Investigation (FBI) is currently investigating more than 100 different variants of ransomware, many of which have been used in multiple ransomware campaigns.
Information on the Bureau’s efforts to tackle the malware threat was among the remarks delivered to the United States House Committee on the Judiciary in Washington on Tuesday by Bryan Vorndran, assistant director of the FBI’s Cyber Division.
“There is not a day that goes by without multiple FBI field offices responding to ransomware attacks,” said Vorndran, “The ransomware threat is not new, and it has been one of the FBI’s top cybercriminal investigative priorities for some time, but we have seen ransomware attack reporting increase significantly in the past two years, and the impact of these attacks has grown to dangerous proportions, threatening our economic and national security.”
Describing the rise in ransomware use, Vorndran said that from 2019 to 2021, the number of ransomware complaints reported to the FBI’s Internet Crime Complaint Center (IC3) increased by 82%, with a 449% rise in ransom payments over the same period.
“‘Ransomware-as-a-service’ (when a developer sells or leases ransomware tools to criminal customers) has decreased the barrier to entry and technological savviness needed to carry out and benefit from these compromises and increased the number of criminals conducting ransomware campaigns,” noted Vorndran.
He added that while ransomware actors and tactics have evolved, the motive behind the malware’s use was still maximizing profit by paralyzing victims’ operations.
“Cyber-criminals recognize profit can be maximized by targeting organizations where downtime cannot be tolerated – specifically, infrastructure critical to public safety,” said Vorndran, “In 2021 alone, the FBI, CISA, and NSA observed incidents involving ransomware against 14 of the 16 US critical infrastructure sectors.”
The FBI has more than 800 cyber-trained agents spread across 56 field offices and more than 350 sub-offices. Vorndran said the Bureau’s reach, unique tools and resources were unmatched by any other organization.
He said: “We can put a cyber-trained FBI agent on nearly any doorstep in this country within one hour, and we can accomplish the same in more than 70 countries in one day through our network of legal attachés and cyber assistant legal attachés.”