(AP) — The FBI's director told lawmakers Thursday that the bureau discourages ransomware payments to hacking groups, despite the fact that major corporations have made multimillion-dollar payments in the last month to get their systems back online.
“It is our policy, it is our guidance from the FBI, that companies should not pay the ransom for a variety of reasons,” Christopher Wray testified during a House Judiciary Committee
Aside from the fact that such payments may encourage additional cyberattacks, victims may not automatically receive their data back despite paying millions, “and that is not unheard of,” Wray said.
Ransomware attacks, in which hackers lock up and encrypt a victim's data and demand a payment to unlock it, have grown in scale over the past year, targeting not only hospitals and police departments, but also critical infrastructure and vital industries. Some recent major corporate targets have responded by paying the ransom, fearing that a prolonged shutdown of their businesses could be disastrous.
Colonial Pipeline, which transports approximately 45 percent of the fuel consumed on the East Coast, paid a ransom of 75 bitcoin — then valued at approximately $4.4 million — last month in the hopes of restoring service to its system.
JBS SA, the world's largest meat processing company, revealed on Wednesday that it had paid the equivalent of $11 million to hackers who breached its computer system last month.
Colonial Pipeline CEO Joseph Blount told lawmakers this week that paying the ransom was the most difficult decision of his career, but it was ultimately the right thing to do, especially given the gas shortages that emerged in parts of the United States within days. He also said that, while the key used to decrypt the company's data did not work perfectly, Colonial has resumed operations after a brief halt.
The Justice Department has stated that it was able to recover the majority of the ransomware payment after locating the virtual wallet used by the hackers. Wray also stated that, in addition to assisting companies in this manner, the FBI has been able to obtain the encryption keys of hackers and unlock the seized data without any payment being made in certain instances.
“Whether they pay the ransom or not, there are a slew of things we can do to prevent this activity from happening if they communicate, coordinate, and work closely with law enforcement right out of the gate,” he said.