Skip to content Skip to navigation

FBI Urges Organizations to Report Ransomware Incidents to Federal Law Enforcement

September 19, 2016
by Heather Landi
| Reprints
Click To View Gallery

The Federal Bureau of Investigation issued a public service announcement last week urging victims to report ransomware attacks to law enforcement to help the FBI gain a more comprehensive view of the current threat.

According to the FBI notice, new ransomware variants are emerging regularly and cybersecurity companies reported in the first several months of 2016 that global ransomware infections were at an all-time high. “Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day,” FBI officials stated.

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. According to the FBI, ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised Web site.

“While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement,” the FBI stated in the notice.

The FBI also stated that ransomware victims may not report to law enforcement for a number of reasons, “including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment.” Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.

The FBI encourages victims to report ransomware incidents regardless of the outcome. “Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims,” the FBI stated in the public service announcement.

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center with a number of infection details, including date of infection; ransomware variant (identified on the ransom page or by the encrypted file extension); victim company information (industry type, business size); how the infection occurred (link in e-mail, browsing the Internet); requested ransom amount; actor’s bitcoin wallet address (may be listed on the ransom page); ransom amount paid (if any); overall losses associated with a ransomware infection (including the ransom amount) and victim impact statement.

In the notice, the FBI reiterated that the agency does not support paying a ransom to hackers. “Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers,” the FBI officials stated.

The FBI also offered recommended prevention and continuity measures to lessen the risk of a successful ransomware attack. Organizations should regularly back up data and verify the integrity of those backups as well as secure backups.

The FBI also recommends that organizations scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails. In addition, the FBI also suggests organizations ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java and Web browsers and ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.

And, the agency recommends organizations implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.

Organizations also should focus on awareness and training. “Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques,” the FBI stated.

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Global EHR Market to Hit $33B by 2025, Report Finds

The global electronic health records (EHR) market is expected to reach $33.4 billion by 2025, according to new analysis from Research and Markets.

Change Healthcare Becomes First HIT Org to Join Blockchain Collaborative at Top Level

Hyperledger, an open source collaborative effort created to advance blockchain technology, has announced that Change Healthcare has become the first healthcare organization to join at the initiative’s top membership level.

UChicago Medicine, Google Collaborating to Use Machine Learning, EHRs to Reduce Readmissions

The University of Chicago Medicine is collaborating with Google on an initiative that focuses on using new machine-learning techniques to create predictive models that could help prevent unplanned hospital readmissions, avoid costly complications and save lives.

Pilot Projects Link PCORnet, FDA’s Sentinel Program

Two pilot projects under way are seeking to demonstrate the value of data linkage between the Patient-Centered Clinical Research Network (PCORnet) and other distributed networks, such as the FDA’s Sentinel program.

Report: Despite Uncertainty, Healthcare Execs Focused on Value-Based Care Strategies

Despite current uncertainties in the healthcare market, heightened by the recent passage of the Republican-led healthcare bill in the U.S. House of Representatives, most health system leaders are sticking to their existing business strategies, and will keep their organizations moving towards value-based care, according to a new leadership survey by national healthcare advisory firm BDC Advisors.

Report: Clinical, IT Leaders Need to Increase Collaboration on IT Investments

A HIMSS Analytics and Vocera survey report examines the collaboration between clinical and IT leaders on clinical IT investments and also has some interesting findings on the extent that clinical IT contributes to care team, and IT team, burnout.