The FBI’s New Stance on Ransomware

• 30 September 2016
• by: Hailey Carlson
• in: Ransomware
• Tags: ransomware
• note: no comments

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money, or ransom, is paid. Though now primarily known by this definition as a cybercrime, ransomware has been around since before the internet gained its popularity. The first instance of the threat occurring in 1989 was actually via postal mail and it was known as AIDs Trojan. This original variant spread via floppy disks and involved sending $189 to a post office box in Panama as payment for the ransom. Since then, the threat has grown drastically with the flourishing of the internet, not only in its complexity but in its reach as well.

Ransomware has attacked millions of victims across a multitude of industries with education, healthcare, and government among some of the most highly targeted sectors. Instances of the cyber-threat have increased by over 53% in the past 12 months, with projections set to rise even more significantly by the end of 2016. Not only have ransomware scam artists been able to infect millions of people’s computers and hold their files for ransom, often after encrypting them, but they have made a lot of money doing so. Last year alone, the cyber threat brought in upwards of $325 million for cybercriminals, and it appears as though their paydays are growing in number and in ransom amount paid. Evolving from the checks sent to that P.O. box in Panama to difficult-to-trace bitcoin transactions that are so predominant in ransomware today, the threat and its multiple different creators are getting harder and harder to stop.

Throughout the years, there have been varying opinions on how to handle this cyber-crime. Of course you don’t want to fund cybercriminals’ vacations by paying the ransom, but you also need to regain access to your precious files that mean so much to your business. What do you do in this case? Well the FBI has come out with a clear stance on what they think needs to be done in order to stop, or at least slow down, ransomware in its tracks.

Contradictory to their opinion last year where they encouraged companies to just pay the ransom in order to regain access to important files that were encrypted by ransomware variants including Cryptolocker, Cryptowall and other malware, the FBI now says that you should not pay the ransom and you should report any instance of the cybercrime to them directly. This change of heart on the matter was not made lightly. The FBI’s goal in all of this is to be able to better assess the magnitude of the threat that ransomware poses. In a public service announcement on September 15th, 2016, the FBI explains why they are asking for ransomware victims’ help:

“Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.”

While reporting an incident will help the FBI be able to keep track of the number of ransomware attacks out there, they are looking for some specific data that will be of extreme help in finding these ransomware scam artists. Here are some specifics that the FBI is looking for:

1. Date of Infection
2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
3. Victim Company Information (industry type, business size, etc.)
4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
5. Requested Ransom Amount
6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
7. Ransom Amount Paid (if any)
8. Overall Losses Associated with a Ransomware Infection (including the ransom amount, if paid)
9. Victim Impact Statement

While the FBI is eager to receive all of these reports in an attempt to stop the cyber-crime, in its September 15th PSA, the FBI also stresses the importance of strong cyber-defenses in order to avoid the threat in the first place. A few common key elements to this security include the installation of a secure firewall and regularly backing up data. If you find that you are the victim of ransomware, please contact the FBI immediately and provide them with as much of the information above as possible. If you would like to prepare your defenses against such an attack, please contact Axiom Cyber Solutions to learn more about how to get and stay protected. Our patented ransomware algorithm and team of managed cybersecurity experts will make sure you and your business are taken care of.

Hailey Carlson | Axiom Cyber Solutions | 9/30/2016