Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

FBI Seeks Extra Funds to Fight Ransomware, Other Threats

Director Christopher Wray Describes Cybersecurity Priorities
FBI Seeks Extra Funds to Fight Ransomware, Other Threats
FBI Director Christopher Wray testifying before a U.S. Senate committee on Wednesday

The FBI is requesting $40 million in additional funding for its fiscal 2022 budget to help combat and counter ransomware attacks and other cyberthreats, Director Christopher Wray told a U.S. Senate subcommittee this week.

See Also: Every Second Counts: 6-Step Ransomware Remediation Guide

In testimony Wednesday at a hearing of the Senate Appropriations Committee's Commerce, Justice, Science, and Related Agencies Subcommittee, Wray said the FBI needs the extra funds to address cybercrime, ransomware and various other threats. The FBI is also requesting another $15 million to help strengthen its internal security infrastructure as well as address network vulnerabilities.

Overall, the FBI is requesting a $10.3 billion budget, up from $9.8 billion requested for fiscal 2021.

Wray told senators that ensuring cybersecurity is now one of the bureau's top priorities, pointing to a string of recent cyberattacks. He cited, for example, ransomware incidents - such as those that targeted Colonial Pipeline Co. and meat processor JBS, the SolarWinds supply chain attack and the compromise of vulnerable Microsoft Exchange on-premises servers.

"These are becoming all too common, and while dealing with those, we're also contending with hundreds of other cyberthreats from nation-states and criminal actors alike," Wray said. "And our $40 million enhancement request is an important step toward ensuring that we've got the right people and tools in place to address the evolving threats by some very sophisticated cyber adversaries."

The FBI is tracking about 100 ransomware variants. In 2020, the bureau conducted about 1,100 cybercrime disruptions that included arrests of suspects and dismantling of infrastructure used during attacks, Wray said.

Ransom Payments

When asked by Sen. Jeanne Shaheen, D-N.H., the chairwoman of the subcommittee, about outlawing payments to ransomware gangs, Wray reiterated the FBI's long-standing guidance about ransomware response.

"In general, we would discourage paying the ransom because it encourages more of these attacks. And frankly, there's no guarantee whatsoever that you're going to get your data back, among other things," Wray said.

The FBI director noted that increased funding would help agents to disrupt the cryptocurrency payments used by cybercriminals as well as the digital infrastructure used in these attacks (see: Fighting Ransomware: A Call for Cryptocurrency Regulation).

Wray noted the FBI and the U.S. Department of Justice recently recovered $2.3 million of the $4.4 million ransom paid by Colonial Pipeline to the DarkSide ransomware gang (see: How Did FBI Recover Colonial Pipeline's DarkSide Bitcoins?).

"Our strategy is to go after the entire criminal ecosystem that exists - so not just the people demanding the ransomware, but all the people who helped facilitate it. We're trying to go after the actors. We're trying to go after the helpers. And we're trying to have to go after their infrastructure," Wray said. "We're trying to go after the money … but it has to be an across-the-government effort."

Notification Bill

During Wednesday's hearing, Wray was also asked about the draft of a nationwide breach notification law that would require government agencies and private firms to report a breach, ransomware attack or another significant cyber incident (see: Senators Draft a Federal Breach Notification Bill).

While Wray declined to comment on the proposal, he noted that the government and businesses need to take a consistent approach to addressing ransomware.

"I will say that if we don't solve the riddle of how to get the private sector to promptly and transparently work with us … we're going to have a heck of a time winning this. And so anything that helps provide more incentive for that to happen, I think, is a step in the right direction," Wray said.

John Hellickson, cyber executive advisor at security consulting firm Coalfire, says that greater cooperation between agencies, such as the FBI, and businesses is key to getting ransomware under control.

"The biggest challenge with getting the private sector to collaborate with the FBI has been the limited sharing of timely intel that could also benefit the private organization," Hellickson says. "It’s a two-way street, but the useful intel would generally be one-way - and any intel shared by the FBI to the respective organization would be shared too late to be of any use, where the organization likely was able to get the same intel from another agency or industry-related ISAC."

Other Spending Proposals

The Biden administration is pushing Congress to fund other cybersecurity initiatives and IT modernization efforts as part of the fiscal 2022 federal budget.

When the White House released its proposed budget in May, it included a proposed increase of $110 million to the U.S. Cybersecurity and Infrastructure Security Agency's budget to address various cybersecurity issues (see: Biden Budget Seeks to Invest Billions in US Cybersecurity).

Defense Operations

At another hearing on Wednesday, the Senate Armed Services Committee heard testimony from members of the U.S. Department of Defense about efforts to disrupt ransomware and other threats from overseas.

Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, testified that while most of the Defense Department's cyber operations are focused overseas, the department shares intelligence - especially about foreign ransomware operations - with domestic agencies.

"The department is able to gain insight about hostile cyber actors during 'hunt forward' operations on allied and partner networks, and we use those insights to improve our own security posture and to enable appropriate actions by our partners, domestically and internationally," Eoyang testified. "We are also prepared to take authorized action to stop or degrade activity."

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.