The FBI urges victims to report ransomware incidents to federal law enforcement to help authorities gain a more comprehensive view of the current threat and its impact on U.S. victims.
Ransomware infections impact individual users and businesses, regardless of size or industry, by causing service disruptions, financial loss and, in some cases, permanent loss of valuable data. While ransomware infection statistics are often highlighted in the media and by computer security companies, the FBI faces challenges ascertaining the true number of ransomware victims as many infections go unreported, according to the Bureau.
“Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment,” the FBI says. “Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”
The FBI is urging victims to report ransomware regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, justifies ransomware investigations, and helps investigate other ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI determine who is behind the attacks and how they identify or target victims.
Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, multiplying the number of potential infected servers and devices on a network. Actors engaging in this targeting strategy also charge ransom based on the number of hosts (or servers) infected. Additionally, recent victims of these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after the first payment, the announcement says.
This recent technique of targeting host servers and systems could force victims to pay more to get their decryption keys, prolong recovery time, and raise the possibility that victims will not obtain full decryption of their files.
The FBI does not support ransom payments. Paying a ransom does not guarantee the victim will regain access to the data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Payment emboldens the adversary to target other victims for profit, and could encourage other criminals to engage in similar illicit activities. The FBI, however, recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.
The FBI recommends users consider the following prevention and continuity measures to lessen the risk of a successful ransomware attack:
Additional considerations for businesses include the following:
Cyber security companies cited by the FBI reported that, in the first several months of 2016, global ransomware infections were at an all-time high. Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.
Ransomware was seen as a major threat in the top predictions list in cyber security for 2016 by Bitdefender CTO Bogdan Dumitru. This March, Palo Alto Networks researchers revealed KeRanger ransomware targeted Mac users for the first time, realizing Bitdefender’s predictions about ransomware’s expansion to new operating systems in 2016.
“We’ve already seen ransomware for Linux, Windows and Android. Mac OS is just around the corner,” Dumitru said in December 2015. “It targets both consumers and companies, and the 2016 versions not only will encrypt files and ask for ransom, but will also make all documents available on the internet if ransom is not paid. In an ironic twist, the victim will be able to recover encrypted files – when they are uploaded on the internet for public shaming.”
“Ransomware has probably been the largest unresolvable threat to Internet users ever since 2014, and it will remain one of the most important drivers of cybercrime in 2016,” Bitdefender noted. “While some operators will prefer the file encryption approach, some more innovative groups will focus on developing ‘extortionware’ (malware that blocks accounts on various online services or that expose data stored locally to everybody on the Internet). Throughout 2016, file-encrypting ransomware will most likely expand to Mac OS X as well.”
Last year, reports show millions of users fell victim to CryptoWall version 3.0 (and many go unreported), adding over $350 million to cyber-criminals’ bank accounts.
tags
Former business journalist, Razvan is passionate about supporting SMEs into building communities and exchanging knowledge on entrepreneurship. He enjoys having innovative approaches on hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we even think. The lack of relevance is the main issue in nowadays environment so he plans to emphasize real news on Bitdefender blogs.
View all postsDon’t miss out on exclusive content and exciting announcements!