FBI Cyber Division Assistant Director James Trainor is telling businesses that, though ransomware attacks are on the rise, it’s best not to pay hackers when the situation arises.
According to the FBI, there’s been a significant increase in cybercriminals gaining unauthorized access to corporate networks in order to encrypt data and then extort the company to receive the key, The Wall Street Journal reported on Wednesday (May 4).
Despite the “unbelievable” surge in ransomware threats, during a speech earlier this week at the Center for Long-Term Cybersecurity at the University of California at Berkeley, Trainor said paying hackers only encourages the criminals to do the same to others.
Once they see their tactics are working, they will continue to attack.
“Some companies have an absolute policy not to pay, and other small companies have paid,” he said. Though WSJ said Trainor expressed his sympathies to those companies that do become victims of ransomware attacks, paying the ransom only serves as an incentive.
Last year, the FBI received roughly 2,453 complaints related to ransomware malware attacks, which amounted to $24.1 million in losses for victims.
“Definitely a growing threat,” FBI Special Agent Chris Stangl told The Washington Post earlier this year. “Success breeds more activity.”
While the initial ransomware demands are often small amounts, it adds up. And it also compromises another key factor: data security.
“Ransomware has been around for a long time, but we’ve never seen a concerted manual effort by hackers to break into a network, hang out for a year, spread to all the machines and then install it everywhere,” Val Smith, CEO of Attack Research, a cybersecurity firm, told the Post. “This is a major shift in effort.”