Washington, D.C. (September 29, 2021)— Today, House Committee on Oversight and Reform Ranking Member James Comer (R-Ky.) and Chairwoman Carolyn Maloney (D-N.Y.), sent a letter to the Federal Bureau of Investigation (FBI) Director Christopher Wray requesting a briefing on the FBI’s three-week delay in aiding hundreds of businesses and institutions that were successfully targeted by a major ransomware attack this past summer. Cyber-attacks, including ransomware attacks, have become more severe and the lawmakers are requesting information to understand the rationale behind the FBI’s decision to withhold critical assistance as the FBI sought to disrupt the attack.

“Earlier this summer, a Florida-based software company was the victim of a ransomware attack that compromised between 800 and 1,500 businesses around the world. Although the Federal Bureau of Investigation (FBI) reportedly obtained a digital decryptor key that could have unlocked affected systems, it withheld this tool for nearly three weeks as it worked to disrupt the attack, potentially costing the ransomware victims—including schools and hospitals—millions of dollars,” wrote the lawmakers.

“The growing threat of ransomware attacks requires our federal government agencies—especially the FBI—to respond quickly and effectively to prevent or minimize the damage from these attacks. Public reporting raises questions about the FBI’s response to this summer’s ransomware attack. The FBI has stated that it withheld the ransomware key it had previously acquired so the Bureau could engage in an operation to disrupt the Russian-based hackers without tipping them off. During this delay, many businesses, schools, and hospitals suffered lost time and money, especially in the midst of the COVID-19 public health crisis. … Ransomware hackers have shown their willingness and ability to inflict damage on various sectors of the U.S. economy. Congress must be fully informed whether the FBI’s strategy and actions are adequately and appropriately addressing this damaging trend,” concluded the lawmakers.

To understand the FBI’s decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI’s overall strategy for addressing, investigating, preventing, and defeating ransomware attacks.

Read the letter to Director Wray here.