This time around, though, Bessette is leading the cyber incident response practice at consulting firm Booz Allen Hamilton, which he joined in 2019. His new team, when clients ask for assistance, actually helps coordinate payments to ransomware groups, something he never did at the FBI. The FBI and other U.S. government agencies also recommend that companies never pay the ransom. "The FBI does not support paying a ransom in response to a ransomware attack," the law enforcement agency writes on its website. "Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity." FBI Director Christopher Wray testified before Congress earlier this month, reiterating the policy, despite Colonial and others having paid the ransom.

This puts one of the best-known government contractors in the world in a strange position, though Bessette says sometimes businesses decide they need to pay and Booz Allen can work with law firms and digital currency brokers to help with that. "We are the largest provider of cybersecurity to the U.S. government," he says. "But unfortunately, when companies find themselves in a situation where they're losing a million dollars a day, a ransom in the low millions of dollars... especially when there's cyber insurance to help alleviate some of the business impact, becomes a business decision to the victim organizations."

[...] If the FBI is to continue recommending that people don't pay the crooks, it will have to come up with a better plan of action for victims. "If the only thing we do to combat ransomware is ask companies to take the hit, it won't get us very far," said Jim Lewis, a senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies think tank. He believes the FBI is working on new approaches to ransomware to help ensure companies don't need to pay, while the DOJ is issuing guidance that elevates the priority given to cyberattacks to a level similar to terrorism. In response to calls to take a more aggressive stance against ransomware operators, Biden administration officials are reportedly considering using military agencies' cyber capabilities to counter the threat.

