Letter to Hon. Christopher A. Wray, Director of the Federal Bureau of Investigation - Comer Seeks Answers on FBI's Handling of Widespread Ransomware Attack

Letter

Dear Director Wray:

Earlier this summer, a Florida-based software company was the victim of a ransomware
attack that compromised between 800 and 1,500 businesses around the world. Although the
Federal Bureau of Investigation (FBI) reportedly obtained a digital decryptor key that could have
unlocked affected systems, it withheld this tool for nearly three weeks as it worked to disrupt the
attack, potentially costing the ransomware victims--including schools and hospitals--millions of
dollars. We request information to understand the rationale behind the FBI's decision to
withhold this digital decryptor key and the agency's approach to responding to ransomware
attacks.

As you are aware, cyber attacks, including ransomware attacks, have become more
frequent and severe in nature. Estimates indicate "304 million ransomware attacks worldwide in
2020," costing over $19 billion in total economic damage in the United States in 2020.
Statistics from the same year show the "average ransom payment is $154,108." In fact, the largest known ransomware attack on U.S. infrastructure to date perpetrated against Colonial
Pipeline "resulted in a six-day shutdown" and a $4.4 million ransom and "caused widespread
disruption to the fuel supply chain, resulting in gas prices hitting a six-year high." The growing
threat of ransomware attacks requires our federal government agencies--especially the FBI--to
respond quickly and effectively to prevent or minimize the damage from these attacks.

Public reporting raises questions about the FBI's response to this summer's ransomware
attack. The FBI has stated that it withheld the ransomware key it had previously acquired so the
Bureau could engage in an operation to disrupt the Russian-based hackers without tipping them
off. Before the FBI could execute its plan, however, the hackers reportedly disappeared and
their platform went offline. During this delay, many businesses, schools, and hospitals suffered
lost time and money, especially in the midst of the COVID-19 public health crisis.

We request a briefing from the FBI on its legal and policy rationale for withholding the
digital decryptor key as it attempted to disrupt this cyber attack, and the FBI's overall strategy
for addressing, investigating, preventing, and defeating ransomware attacks. Ransomware
hackers have shown their willingness and ability to inflict damage on various sectors of the U.S.
economy. Congress must be fully informed whether the FBI's strategy and actions are
adequately and appropriately addressing this damaging trend.

To schedule the briefing, please contact Committee majority staff at (202) 225-5051 or
minority staff at (202) 225-5074 no later than October 6, 2021. The Committee on Oversight
and Reform is the principal oversight committee of the U.S. House of Representatives and has
broad authority to investigate "any matter" at "any time" under House Rule X. Thank you for
your cooperation with this request.

Sincerely,

Carolyn B. Maloney
Chairwoman

James Comer
Ranking Member

Source