Skip to content Skip to navigation

FBI Urges Organizations to Report Ransomware Incidents to Federal Law Enforcement

September 19, 2016
by Heather Landi
| Reprints
Click To View Gallery

The Federal Bureau of Investigation issued a public service announcement last week urging victims to report ransomware attacks to law enforcement to help the FBI gain a more comprehensive view of the current threat.

According to the FBI notice, new ransomware variants are emerging regularly and cybersecurity companies reported in the first several months of 2016 that global ransomware infections were at an all-time high. “Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day,” FBI officials stated.

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. According to the FBI, ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised Web site.

“While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement,” the FBI stated in the notice.

The FBI also stated that ransomware victims may not report to law enforcement for a number of reasons, “including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment.” Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.

The FBI encourages victims to report ransomware incidents regardless of the outcome. “Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims,” the FBI stated in the public service announcement.

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center with a number of infection details, including date of infection; ransomware variant (identified on the ransom page or by the encrypted file extension); victim company information (industry type, business size); how the infection occurred (link in e-mail, browsing the Internet); requested ransom amount; actor’s bitcoin wallet address (may be listed on the ransom page); ransom amount paid (if any); overall losses associated with a ransomware infection (including the ransom amount) and victim impact statement.

In the notice, the FBI reiterated that the agency does not support paying a ransom to hackers. “Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers,” the FBI officials stated.

The FBI also offered recommended prevention and continuity measures to lessen the risk of a successful ransomware attack. Organizations should regularly back up data and verify the integrity of those backups as well as secure backups.

The FBI also recommends that organizations scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails. In addition, the FBI also suggests organizations ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java and Web browsers and ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.

And, the agency recommends organizations implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.

Organizations also should focus on awareness and training. “Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques,” the FBI stated.

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Two Republican Senators Unveil Proposed ACA Replacement Bill

Two Republican Senators, Bill Cassidy of Louisiana and Susan Collins of Maine, on Monday unveiled a proposed bill, called The Patient Freedom Act of 2017, that, rather than dismantling the Affordable Care Act (ACA), offered a partial replacement that would allow states to continue operating under the law if they choose.

Norris Cochran Tapped to Serve as Acting Secretary at HHS

Norris Cochran has been tapped to serve as Acting Secretary of the U.S. Department of Health and Human Services (HHS) following the departure of former HHS Secretary Sylvia Burwell as part of the ongoing Trump Administration transition.

Consumers Increasingly Willing to Try Telehealth, New Survey Finds

About one in five consumers said they would switch their current primary care provider (PCP) if another PCP in their area offered telehealth visits, according to American Well’s latest survey.

New York Presbyterian Brooklyn Methodist Revalidated as EMRAM Stage 7

Due to its use of RFID technology to improve patient care and outcomes, New York Presbyterian Brooklyn Methodist Hospital (NYPBMH) has received acute care Stage 7 revalidation on the HIMSS Analytics Electronic Medical Record Adoption Model (EMRAM).

Dana Alexander Named 2016 HIMSS Nursing Informatics Leadership Award Winner

Dana Alexander, R.N., has been named the recipient of the 2016 HIMSS-ANI Nursing Informatics Leadership Award, a joint award sponsored by Alliance for Nursing Informatics (ANI) and HIMSS.

Agency Leadership Update: Collins Stays at NIH, Bindman Leaves AHRQ

As President-elect Donald Trump is sworn in as the United States’ 45th president at noon today, there has been an ongoing administration shuffle as agency leaders have stepped down as part of the presidential transition.