FBI Calls for Better Ransomware Reporting

Companies and individuals affected by ransomware — where malware installed on computers and servers encrypts files and makes them inaccessible until a ransom is paid — often don’t report the crimes, for numerous reasons. The FBI is hoping to change that.

The FBI recently issued a request urging victims of ransomware to report incidents to federal law enforcement, in order to better track new threats and the actual impacts on intended targets.

Pointing to data from cyber security companies, global ransomware infections hit an all-time high during the first half of 2016, with one ransomware infection compromising an estimated 100,000 computers each day during the first few weeks of its release.

“Ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and in some cases, permanent loss of valuable data,” the FBI notice reads. “While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.”

Acknowledging that ransomware victims may have a number of reasons for not reporting the incidents — including simple embarrassment, privacy concerns and protecting the reputation of their business — the FBI is still urging victims to report every incident, not only to pursue investigations, but to also give authorities a broader understanding of the emerging ransomware threats individuals and businesses are facing.

Additionally, the FBI noted that business servers are being targeted more heavily of late, with victims who have paid ransoms never receiving the decryption keys for their files, instead being extorted for even more money.

“Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom,” the FBI notice reads. “Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain.

“While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.”

To defend against ransomware to begin with, the FBI lists a number of recommendations:

  • Regular, secure backups of data, with backups not connected to computers or networks, thwarting the leverage of ransomware.
  • Ignore links and attachments in unsolicited emails, don’t download software from unknown sites, and always update patches for operating systems and browsers.
  • Use anti-virus and anti-malware software and have them updated automatically.
  • Businesses need to better train employees about ransomware risks, including how it’s delivered.
  • Restrict access to privileged accounts.

To report a ransomware incident, the FBI points people to, and asks for the following information:

  • Date of infection
  • Ransomware variant
  • Victim information
  • Source of infection
  • Ransom paid, if any
  • Losses associated