The FBI does not advise companies to pay ransom

Apr 1, 2016 13:00 GMT

The FBI has changed its official stance on ransomware infections after the US Senate asked why it was recommending that victims pay ransoms and, by doing so, indirectly supporting cyber-criminals.

At the end of October last year, while giving a presentation at the Cyber Security Summit in Boston, Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI’s Cyber and Counterintelligence Program, disclosed some details about how the FBI handled companies and individuals that were infected with crypto-ransomware.

Mr. Bonavolonta said that, in most cases, because the FBI cannot help these companies recover their files, its agents often end up recommending that they pay the ransom to get their data back.

The FBI had to answer to the US Senate for its stance on ransomware

These statements made headlines all over the world, mostly because many people overreacted to the idea of the FBI encouraging companies to fund the cyber-crime underground market, even though, in practice, companies that wanted their files back had no technical alternative to paying the ransom.

The very same statements also reached the ears of various US officials, among them US Senator Ron Wyden, who, on December 15, 2015, wrote a letter to FBI Director James Comey on behalf of several US Senate committees.

The first point in the letter was a question about Mr. Bonavolonta's statements, which had apparently landed the FBI in hot water with US representatives.

Donald J. Good, Deputy Assistant Director of the FBI's Cyber Division, apparently answered this letter at the start of February.

The FBI does not "officially" tell companies to "pay up!"

Responding to the most pressing issue, Mr. Good said the following: "The FBI does not advise victims on whether or not to pay the ransom."

"The FBI advises that the use of backup files is an effective way to minimize the impact of ransomware and that implementing computer security best practices is the most effective way to prevent ransomware infections," Mr. Good added.

"Individuals or businesses that regularly back up their files on an external server or device can scrub their hard drive to remove the ransomware and restore their files from backup. If all individuals and businesses backed up their files, ransomware would not be a profitable business for cyber criminal actors."

"If none of these precautions have been taken and the individual or business still wants to recover their files, the victim's remaining alternative is to pay the ransom," Mr. Good states, emphasizing that the agency does not push victims towards paying the ransom; the decision is the victim's alone.

You can read the response for yourself below, along with all the other answers to Senator Wyden's questions.

[Images: Senator Wyden's letter to the FBI (two pages) and the FBI's response stating that it does not advise companies to pay ransomware ransoms]