CORRECTED: The Ransomware Threat to Agencies

Virgiliu Obada/

Ransomware is running rampant across systems in state and local government, businesses and homes across the country.

Editor’s Note: This story has been corrected and revised.

The claim that the FBI and the Department of Homeland Security have paid off hackers to remove malicious software from their systems, as described in a new report from the Institute for Critical Infrastructure Technology, is not accurate, according to one of the report’s co-authors.

The report, which contained a broad overview of the threat of ransomware, claimed law enforcement agencies -- including DHS and the FBI -- had been victims of ransomware attacks and that the FBI, specifically, had paid hackers to unlock data.

That is not accurate and the error was included by mistake in an unedited, preliminary version of the report, said James Scott, who’s also a senior fellow with the group.

Nextgov earlier today reported the paper’s findings before learning of the inaccuracy.

The group released a “soft launch” of the report today. The report, "2016 Will Be the Year Ransomware Holds America Hostage, is no longer available online but will be edited and posted again by Wednesday, Scott said. Carnegie Mellon University research Drew Spaniel is the report’s co-author.

Ransomware, as it's known, is a digital form of extortion running rampant across systems in state and local government, businesses and homes across the country. The attacks generally originate from malicious emails or websites that trick users into downloading encryption software that locks their data until they wire money for a key code.

The report did not provide details about specific ransomware attacks purportedly affecting government agencies. Nextgov had requested comment from the FBI and Homeland Security.  

In Dec. 3, 2015 letters, the leaders of the Senate Homeland Security and Governmental Affairs Committee point blank asked DHS and the Justice Department if they or other federal agencies have paid hackers to retrieve hacked government information.  

On Monday, a committee aide told Nextgov that staff still are reviewing responses from the government, since some of the answers were just received.