The FBI yesterday posted a public service announcement urging victims of ransomware attacks to report the incidents to federal law enforcement, regardless of whether or not they pay the demanded ransom.
“Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases,” the announcement states. “Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.”
Victims are asked to contact their local FBI office or file a complaint online at www.IC3.gov, and provide the date of infection, the ransomware variant involved, information on the victim company, how the infection occurred, the ransom amount demanded, the attacker’s bitcoin address, the ransom amount paid (if any), the overall losses associated with the ransomware infection, and a victim impact statement.
In the announcement, the FBI stated that it does not support paying a ransom to regain access to data. “Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom,” it stated. “Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain.”
According to the Bromium Threat Report for 1H 2016, the number of ransomware families has been growing since late 2013, and dozens of new ransomware families have been released since the beginning of 2016.
The current market leader, according to the report, is Locky, with 755 tracked instances infecting removable drives and RAM disks.
“Writing crypto-ransomware appears to be the new norm in the cybercrime underground,” the report states. “Many new samples are being released every day. Most of them, however, have implementation flaws, some of which allow decrypting without the key. Some, unfortunately, will not restore files even if you pay.”
A recent Tripwire survey of 220 information security professionals attending Black Hat USA 2016 found that just 34 percent of respondents were “very confident” their companies could recover from a ransomware infection without losing critical data.
Still, only 19 percent of respondents said they consider ransomware to be one of the two top security threats their organizations face.
“It’s important for businesses to understand the costs associated with data recovery so that they’re prepared for a ransomware infection,” Tripwire senior security research engineer Travis Smith said in a statement. “Follow the 3-2-1 data backup rule: gather three copies of the data on two different types of media, with one of these copies stored off-site.”
A recent eSecurity Planet article offered advice on stopping ransomware.