FBI reports record-high internet crime, losses in billions for 2021

Cyberattackers wreaked havoc across the U.S. and resulted in a record-high number of internet crime complaints last year, according to new data published by the FBI this week.

The FBI’s Internet Crime Report 2021 showed complaints rose 7% over 2020 to more than 847,000 total complaints that corresponded with crimes costing victims an estimated sum exceeding $6.9 billion.

FBI Deputy Director Paul Abbate wrote in the report that the bureau’s cyber division is working harder than ever to protect people against the surging threats.

“In 2021, America experienced an unprecedented increase in cyberattacks and malicious cyber activity,” Mr. Abbate said. “These cyberattacks compromised businesses in an extensive array of business sectors as well as the American public.”

Business email compromise schemes, cryptocurrency crimes, and ransomware were among the top cyber incidents reported. The FBI recorded the email compromise schemes as the most costly with victims losing nearly $2.4 billion last year. The compromises involved scams where an attacker hacks a computer or dupes someone into transferring funds their way.

Ransomware attackers benefit from other types of cybercrimes, especially as the criminals collect extortion payments in cryptocurrency. The FBI said it received more than 3,700 complaints about ransomware in 2021, with health care appearing as the most victimized infrastructure sector.

According to FBI, the ransomware variants that most frequently hit critical infrastructure were Conti, then LockBit 2.0, followed by REvil.

Fresh concerns about the government’s response to ransomware attackers were aired in a new staff report published on Thursday by Sen. Rob Portman, Ohio Republican.

Mr. Portman’s Senate Homeland Security and Governmental Affairs Committee staff reviewed the example of three unidentified victims of REvil ransomware and discovered they were unhappy with the federal government. One of the victims said the federal government’s response teams appeared to be caught off guard, another said the FBI was unhelpful, and the third dissatisfied victim bemoaned that the FBI did not provide the victim a playbook for how to respond.

A committee aide declined to say when the victims suffered their attacks and said the identities of the victims were shielded in the report to prevent them from getting targeted. The aide said the FBI did not engage with the staff’s study. The FBI did not respond to a request for comment on the report.

Helping the private sector fight cybercriminals is not exactly the charge of the FBI or Cybersecurity and Infrastructure Security Agency, which investigates crimes and disseminates information to bolster networks’ defenses.

Emsisoft threat analyst Brett Callow said companies should develop their own incident response playbooks based upon their unique situations and noted that a grocery chain should think differently than a defense contractor, for example.

Former Rep. Mike Rogers, a Michigan Republican who led the House Permanent Select Committee on Intelligence from 2011-2015, said the U.S. government needs to utilize the expertise of the National Security Agency against attacks hitting businesses.

Mr. Rogers, a former FBI agent, said the bureau is good and improving but primarily focuses on forensics while the NSA has the most sophisticated talent and is the “best player” on America’s team.

“Why not let the best player on the field, or the best player on your team out on the field?” Mr. Rogers said. “Right now, we don’t even let them out of the locker room.”

Mr. Rogers said he understands privacy concerns about using NSA in domestic matters but he thinks if the government does not get the NSA engaged then Americans will not have privacy.