FBI director compares ransomware attack response to September 11
Jun. 04, 2021 11:33 AM ET | CYBR, CRWD, MNDT | By: Brandy Betz, SA News Editor
- FBI Director Christopher Wray says the agency is investigating about 100 types of ransomware, many with ties to Russia, and says the national security challenges are similar to those following the September 11 attacks.
- “There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray tells the Wall Street Journal. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
- Yesterday, Reuters sources said the Department of Justice advised U.S. attorney's offices across the country to consider ransomware attacks as serious as terrorism and to coordinate any ransomware-related investigations with a task force in Washington.
- Ransomware attacks, not a new animal by any stretch, have grabbed increased headlines since the Colonial Pipeline attack, which resulted in the company paying a $4.4M ransom, and the disruption of meat processor JBS Foods.
- The U.S. taking a hard stance against ransomware can prevent more companies from paying a ransom, which rarely recovers all of the encrypted data and potentially attracts further attacks.
- Ransomware also has a geopolitical component. The FBI has named Russia-linked REvil as the group behind the JBS Foods attack.
- Late last year, a non-ransomware breach of IT software SolarWinds exposed government agencies and major corporations. The White House blamed the attack on Russia's SVR foreign intelligence service while issuing sanctions against Russia.
- Cybersecurity stocks that have shown strength through the various breaches include FireEye (FEYE -1.7%), CrowdStrike (CRWD -3.3%), and CyberArk (CYBR +1.6%).
- Earlier this week, FireEye announced plans to spin off its software business and brand name for $1.2B, which leaves behind the high-growth, low-margin Mandiant threat detection and response business.
- Yesterday, CrowdStrike rival SentinelOne filed for a NYSE IPO to raise up to $100M, a likely placeholder figure. SentinelOne's automated endpoint protection platform was able to protect its clients from the SolarWinds breach as it happened last year.