The U.S. and other governments are still grappling with how to advise victims of ransomware attacks, a top Justice Department cybercrime official said at Semafor’s Securing the Digital Future event.
John Lynch, who heads the DOJ’s computer crime and intellectual property section, said that “on a whole” officials agree that paying a ransom to a hacker is the wrong approach. However, he acknowledged that the circumstances of certain ransomware attacks can complicate that advice.
“I have trouble going to a victim who maybe has their family on the line or their family members on the line or a hospital or something like that and saying, ‘oh you can’t possibly pay,’” Lynch told Semafor’s Gina Chon. “That’s something that I think, as a policy matter, all governments are still working through.”
The FBI does not support victims paying ransom to hackers, in part because payment does not guarantee that the data will be restored and, the FBI says, could incentivize future attacks. Still, attacks on infrastructure where lives are at stake raise the stakes considerably, and hospitals are among the main targets of ransomware attacks.
And some high-profile victims have gone against that advice. Colonial Pipeline, the victim of a 2021 attack that imperiled roughly half of the East Coast’s fuel supply, paid a $4 million ransom demanded by hackers.
Lynch described a diverse and unpredictable landscape of cyber threats that requires government prosecutors to constantly shift gears in order to focus resources on the most pressing attacks.
While sophisticated cyber criminals and state-sponsored hackers always pose a threat, he noted that one doesn’t necessarily need to have extensive resources or knowledge to carry out a successful cyberattack.
“The barrier to entry now with things like ransomware as a service and other things is very low,” Lynch said.