Top government contractor Booz Allen helps cyber victims pay ransoms – the exact opposite of US policy


The consultancy helps ransomware victims negotiate with cybercriminals and sometimes reimburse them to reopen hacked businesses, which is in stark contrast to what the federal government advises.

During his FBI years, Jerry Bessette witnessed firsthand the carnage caused by hackers. In 2014, he investigated what was then one of the most significant digital security breaches of all time, an attack on Sony Pictures. Ultimately blamed on North Korea, the hack led to the release of Sony’s treasure trove of confidential information, including damaging internal emails, some written by Sony co-chair Amy Pascal, who left the company.

In recent years, the 24-year FBI veteran has once again had a front-row seat as ransomware has become a bane not only for top executives like Pascal, but for the average consumer as well. Recent incidents involving healthcare facilities, gas giant Colonial Pipeline and beef supplier JBS have all shown just how damaging such attacks, in which hackers steal data, lock victims’ files and demand a ransom to unlock them, can be. Colonial and JBS ended up paying the hackers millions. “They’ve really taken it to the next level,” Bessette tells Forbes. “They are very sophisticated criminal organizations, not much different from the drug and terrorist organizations that we have seen in the last 10 or 20 years.”

This time around, however, Bessette is leading cyber incident response at consulting firm Booz Allen Hamilton, which he joined in 2019. In his new role, he actually helps the company’s clients negotiate with hackers, something he never did at the FBI. In some cases, he even recommends paying the ransom, which goes against what the FBI and other US government agencies recommend. “The FBI does not support the payment of a ransom in response to a ransomware attack,” the law enforcement agency writes on its website. “Paying a ransom does not guarantee that you or your organization will get your data back. It also encourages perpetrators to target more victims and encourages others to become involved in this type of illegal activity.” FBI Director Christopher Wray testified before Congress earlier this month, reiterating the policy, although Colonial and others paid the ransom.

Bessette acknowledges the irony of one of the world’s best-known government contractors going against the recommendations of the federal agency. “We are the US government’s largest cybersecurity provider,” he says. “But unfortunately, when businesses find themselves in a situation where they lose a million dollars a day, a ransom of a few million dollars … especially when there is cyber insurance to help alleviate some of the business impact, becomes a business decision for victim organizations.”

Indeed, paying ransoms involves risks. One of the most important is inadvertently paying millions in Bitcoin to a sanctioned entity in a country like North Korea or Iran. Bessette says there are ways to mitigate this risk. Booz Allen and the digital currency brokers who help organize the payment perform a series of compliance checks so they don’t knowingly pay a sanctioned body. Insurers, who can cover the cost of the payment, also typically employ a law firm to make sure they are doing their own due diligence, looking at where the payments are going.

“The Treasury Department may take civil enforcement action against the organization and they will consider whether there was a pre-existing compliance program, what type of checks were performed and whether there was any cooperation with law enforcement,” says Bessette. Ultimately, Booz wants to help victims stay calm and avoid paying, or convince hackers to lower their ransom demand.

There are other, smaller companies that have been in the ransomware negotiation business for some time, with Connecticut-based Coveware and Virginia’s GroupSense being two of the better-known names. That a 107-year-old government contractor like Booz Allen, with a market cap of $12 billion, is now involved in this once niche business, going against the recommendation of one of its biggest clients, shows how badly things have gone: companies have little recourse other than paying the hackers, who run away with tens of millions every year. It also adds legitimacy to the practice of paying these same criminals, which could potentially fund other crimes, whether cyber or otherwise.

Hank Thomas, a former Booz executive and CEO of security investment firm Strategic Cyber Ventures, says contractors like his former employer are in a “tough spot.” “On the one hand,” he says, “they are building world-class cyber capabilities for the US government’s defense apparatus to counter global adversaries like China, Iran and Russia. On the other hand, their private sector clients are also asking them to help with all types of cybersecurity issues, which increasingly includes ransomware victims. Ransomware victims usually have no idea which criminal group they are negotiating with, or where the ransom will be paid. What is known is that often these groups work directly or indirectly with governments hostile to the United States, often our greatest global adversaries, which at least provide them with a safe haven for their global cybercriminal syndicates.”

But increasingly, paying the ransom – as the Colonial Pipeline operators did after a recent hack that cut off gasoline supplies in the eastern United States – is seen as an acceptable business decision. Former NSA analyst and BreachQuest co-founder Jake Williams says he helps clients pay ransoms when needed. “While it’s easy to say that ransoms should never be paid, that’s just not the reality for too many organizations.” Colonial, after paying $4.4 million in cryptocurrency to a hacking crew known as DarkSide for the keys to reopen its pipeline, managed to recover much of that money thanks to fast action by the Department of Justice. The money was recovered by a recently launched ransomware and digital extortion task force, established as part of the government’s response to cyberattacks. Colonial did not comment on the ransom or its recovery.

“I would love to never negotiate a ransom again; thinking about it makes me a little nauseous,” Williams says. “But I also won’t claim that paying ransoms hasn’t been a net positive for most of the organizations I have done it for. Even when we’re not talking about something as big as the Colonial Pipeline, getting the company back up and running has real impacts outside of cyberspace.”

If the FBI is to continue recommending that people don’t pay crooks, it will have to come up with a better course of action for victims. “If the only thing we’re doing to fight ransomware is asking companies to take the hit, it won’t get us very far,” said Jim Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies think tank. The FBI is set to coordinate only the investigation of attacks, while issuing guidance that has raised the priority given to cyberattacks to a level similar to terrorism. In response to calls to become more aggressive against ransomware operators, officials in the Biden administration are reportedly considering using the cyber power of military agencies to counter the threat.
