FBI Urges Organizations to Report Ransomware Incidents to Federal Law Enforcement | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

FBI Urges Organizations to Report Ransomware Incidents to Federal Law Enforcement

September 19, 2016
by Heather Landi
| Reprints
Click To View Gallery

The Federal Bureau of Investigation issued a public service announcement last week urging victims to report ransomware attacks to law enforcement to help the FBI gain a more comprehensive view of the current threat.

According to the FBI notice, new ransomware variants are emerging regularly and cybersecurity companies reported in the first several months of 2016 that global ransomware infections were at an all-time high. “Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day,” FBI officials stated.

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. According to the FBI, ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised Web site.

“While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement,” the FBI stated in the notice.

The FBI also stated that ransomware victims may not report to law enforcement for a number of reasons, “including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment.” Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.

The FBI encourages victims to report ransomware incidents regardless of the outcome. “Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims,” the FBI stated in the public service announcement.

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center with a number of infection details, including date of infection; ransomware variant (identified on the ransom page or by the encrypted file extension); victim company information (industry type, business size); how the infection occurred (link in e-mail, browsing the Internet); requested ransom amount; actor’s bitcoin wallet address (may be listed on the ransom page); ransom amount paid (if any); overall losses associated with a ransomware infection (including the ransom amount) and victim impact statement.

In the notice, the FBI reiterated that the agency does not support paying a ransom to hackers. “Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers,” the FBI officials stated.

The FBI also offered recommended prevention and continuity measures to lessen the risk of a successful ransomware attack. Organizations should regularly back up data and verify the integrity of those backups as well as secure backups.

The FBI also recommends that organizations scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails. In addition, the FBI also suggests organizations ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java and Web browsers and ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.

And, the agency recommends organizations implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.

Organizations also should focus on awareness and training. “Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques,” the FBI stated.

 

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.

Kibbe to Step Down as CEO of DirectTrust

David Kibbe, M.D., M.B.A., announced he would step down as president and CEO of DirectTrust at the end of the year.