FBI Director Christopher Wray said the national-security threat posed by ransomware attacks on the United States is akin to the terrorist attacks of September 11, 2001. Wray made the comparison in a new interview with the Wall Street Journal.
The FBI chief said that the agency was investigating about 100 different types of ransomware cyber-attacks — a type of attack using a malicious computer code that locks up a victim’s files, allowing hackers to demand payment for their release — and found a number of parallels to terrorist attacks.
“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray said in the interview. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
Wray’s remarks come as the U.S. government and the private sector cope with the ramifications of two recent ransomware attacks. The most recent one hit the world’s largest meat supplier, JBS Foods, incapacitating systems in the United States, Canada, and Australia.
In April, hackers attacked Colonial Pipeline — the largest fuel pipeline in the United States — which led to gas shortages along the East Coast. The company admitted paying $4.4 million to the attackers, though FBI policy discourages paying ransom since doing so often encourages more attacks.
Wray told the paper that the bureau was more focused on getting those affected companies to cooperate with it in hopes of figuring out how to thwart future attacks.
“I don’t want to suggest that this is the norm, but there have been instances where we’ve even been able to work with our partners to identify the encryption keys, which then would enable a company to actually unlock their data — even without paying the ransom,” Wray stated.
Wray’s suggestion, however, comes in stark contrast with the White House’s approach to the issue. Just recently, White House Press Secretary Jen Psaki insisted, “These are private sector entities [Colonial Pipeline and JBS Foods], who have a responsibility to put in place measures to protect their own cyber security,” even though the companies are considered “critical infrastructure.”
Wray also said that although the high-profile attacks of late have put a spotlight on the issue, the country still needs to “come to terms” with the scope of the problem.
Americans are “now realizing it can affect them when they’re buying gas at the pump or buying a hamburger — I think there’s a growing awareness now of just how much we’re all in this fight together,” Wray said, adding, “The scale of this problem is one that I think the country has to come to terms with.”
FBI director — and much of the U.S. intelligence community — has pointed to Russia as the source of many of the most effective cyberattacks on the United States.
Wray claims that Russia gives safe refuge to cybercriminal groups such as the one that took down the Colonial Pipeline.
“Time and time again, a huge portion of those [attacks] traced back to actors in Russia. And so, if the Russian government wants to show that it’s serious about this issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” he said.
The Kremlin, which routinely dismisses any accusations of involvement in cyberattacks, returned the recent accusations, saying that U.S. territory was constantly being used “to organize a huge number of cyber attacks against various Russian organizations.” Putin said the allegations against Russia were “absurd.”
Changes driven by the hacking incidents are already underway, and The U.S. Department of Justice (DOJ) has drawn up policies for coordinating ransomware attack investigations across agencies, similar to how it handles terrorism cases.
Despite the aggressive approach to the cyber threat the federal bodies are beginning to employ, president Biden does not seem to show any determination to handle the threat with the seriousness it deserves. He publicly distanced himself from the attack on the Colonial Pipeline, and now he won’t say whether the United States would retaliate against Russia for the recent attacks, only noting “We’re looking closely at that issue.” As to whether he thought Putin was testing him, the president plainly said, “No.”
If cyberattacks, which are on the rise, are elevated to the level of terrorist attacks — a view shared by Republicans and Democrats — then President Biden would have to take a much tougher stance against the offenders.
President Biden is expected to raise the issue of Russia-based ransomware attacks with President Putin during their summit in Geneva later this month.