Lawmakers from the U.S. House of Representatives and the Senate are questioning law enforcement officials from the Federal Bureau of Investigation about the handling of ransomware investigations after reports surfaced that the agency did not make available a decryption tool it created for victims of an attack for three weeks.
Gary Peters (D-Mich.), chairman of the Senate Homeland Security and Governmental Affairs Committee, specifically calls into question whether in the agency’s zeal to track down criminals it may have lost sight of the bigger issue.
“I certainly understand and respect that Kaseya is an ongoing investigation here, but the FBI’s decisions here may have cost millions of dollars, and possibly even more than that,” Peters said during the hearing. “The FBI in my mind is going to need to explain this action, we need to know who signed off on it, who was aware, and whether the cost to the bottom line to Americans families and businesses was considered in that decision process.”
Decryption tools for specific ransomware attacks are now widely available. A No More Ransom project launched by the National High Tech Crime Unit of the Netherlands' police, Europol's European Cybercrime Centre, Kaspersky, and McAfee now makes available 121 free ransomware decryption tools that can decrypt 151 ransomware families. More than six million ransomware victims have used those tools to recover encrypted files.
Based on the report of the decryption tool created by the FBI, law enforcement agencies are getting more adept at creating decryption tools faster. The challenge, of course, is that new families of ransomware appear all the time. Even if a decryption tool is made available in a few days the damage a business can suffer can still be extensive. Waiting weeks for a decryption tool to become available is nothing less than debilitating. Finding out it may have existed but wasn’t made available might be downright infuriating.
Decryption tools can even play a critical role in dissuading cybercriminals from even launching attacks. The return on investment on a ransomware attack isn’t going to be all that high if victims can easily recover their files without paying the ransom. If those tools can be made available quickly, ransomware attacks will become more of a nuisance than a catastrophic event.
Of course, innovations always seem to cut both ways. Cybercriminals might employ decryption tools to just flat out steal data that is then sold on some illicit exchange on the Dark Web. Law enforcement agencies might also overstep their authority in ways that violate privacy. At this juncture, however, there’s no stopping anyone from attempting to perpetrate a crime so the benefits of decryption tools still outweigh all the potential negatives.
The availability of decryption tools does not mean organizations should relax their guard. The best defense is still having ready access to a pristine copy of data that can be easily recovered. The pressure of cybersecurity and IT teams, however, is sharply reduced any time there is a decryption tool readily available. Hopefully, more entities will contribute to the development of decryption tools in the interests of the greater good. Ransomware is a perversion of encryption innovations that were originally made to protect data. The only way to thwart those attacks once and for all will be additional decryption innovations.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.