Advertisement

FBI has conducted more than 30 disruption operations in 2024  

Ransomware gangs take longer to re-establish themselves after disruptive operations, the bureau’s Cythia Kaiser says.
Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
A seal reading "Department of Justice Federal Bureau of Investigation" is displayed on the J. Edgar Hoover FBI building in Washington, DC, on August 9, 2022.
(Photo by STEFANI REYNOLDS/AFP via Getty Images)

The FBI is seeing progress in the fight against ransomware gangs after conducting more than 30 disruption operations this year in which officials targeted the infrastructure used by those groups, one of the bureau’s top cybersecurity officials said Wednesday.

Cynthia Kaiser, deputy assistant director of the FBI’s cyber division, said during CyberScoop’s CyberTalks event that disruption operations against ransomware gangs have in some cases stopped gangs from further targeting the U.S.. Ransomware gangs often operate in safe harbor countries like Russia, where there is little hope for extraction to the U.S.

“The FBI emphasizes key services in our disruptions of ransomware groups, targeting the essential services that criminals rely on to conduct their attacks,” Kaiser said.

Ransomware attacks still represent a major national security concern, particularly to critical infrastructure. A recent report found that ransomware attacks are causing an increase in emergency patient care.

Advertisement

While the Justice Department continues to name and shame individuals who are not likely to be extradited, targeting the infrastructure of the criminal operations has become another major strategy to curb cyberattacks. 

During “Operation Cronos” in February, the FBI, the U.K.’s National Crime Agency and other international partners went after the notorious LockBit ransomware gang by seizing servers and disrupting other infrastructure. Authorities were also able to gain access to thousands of decryption keys for potential victim remediation efforts.

“The groups had to take a long time to re-establish infrastructure in order to continue operations,” Kaiser said. “Sometimes this means that we’ve seen them stop targeting the U.S. altogether.”

Kaiser also noted that the FBI and international allies have saved businesses more than $800 million in recent years through ransomware recovery efforts and additional services.

Even so, the FBI’s Internet Crime Complaint Center still sees a “high” number of ransomware attacks, she said. But business models are changing, Kaiser noted, citing ransomware variants that are more focused on data theft than file encryption attacks of old. 
Microsoft researchers reported earlier this month that they have seen fewer ransomware attacks in recent years that made it to the encryption stage.

Latest Podcasts