The relationship between the FBI and private companies over the past 20 years has often been cold and combative, such as the FBI's 2016 efforts to force Apple to unlock the iPhone of a terrorist involved in the San Bernardino, Calif. shooting, The Wall Street Journal reported Feb. 9.
In 2022, when FBI agents infiltrated Hive, a ransomware group that had demanded hundreds of millions of dollars from about 1,500 companies, hospital networks and other targets, they found that only 20 percent of the victims had approached law enforcement, the report said.
Director Christopher Wray and other FBI senior officials are now pushing to turn that around. Bryan Vorndran, the bureau's top cyber official, often tells cybersecurity experts the agency is aiming to provide "Ritz Carlton-level customer service" to organizations that report when they are hit by a cyberattack, the report said.
The FBI, Mr. Vorndran has said, will fight with regulators and deal with the media on the behalf of those who report cyberattacks, the report said. The agency says it can only fight those attacks effectively if it cooperates closely with those targeted, including trusting the FBI with sensitive corporate information.
The Securities and Exchange Commission has sued public companies that don't tell investors they have been victimized by cyberattacks, and in January it tried to force a law firm to surrender client names and other information about a 2020 email systems breach that could have facilitated illicit trading, the report said. The FBI is distancing itself from such efforts.
"If [the] SEC comes to us and says, 'FBI, we want what X victim gave to you, you give it to us,' our answer is, 'absolutely not,' " Mr. Vorndran told security executives at a 2022 conference, The Journal reported. "The regulatory relationship is between the regulator and the victim. The FBI is not a proxy for that, and we will never allow ourselves to be used as proxy."
The FBI's Hive network infiltration saw the agency capture the digital keys to unlock hijacked computers and distribute them to victims, the report said. That action saved those organizations about $130 million in ransom.
"The FBI could have just gone out to arrest individuals and shut down the servers," Alex Iftimie, a former national-security prosecutor who works at the law firm Morrison Foerster representing companies targeted in cyber intrusions, told The Journal.
Its goal instead was to limit harm to victims, even if it meant forfeiting a potential arrest in the future, the report said. That "speaks volumes to victims," Mr. Iftimie said.