FBI Warns Businesses, ‘Don’t Pay Ransomware’ Demands

Spate of ransomware attacks sees FBI issue warning to US businesses. Main lesson? Don’t pay the criminals and backup often

The FBI has issued a cybersecurity warning to US businesses and organisations after the surge of ransomware attacks in the past year.

The FBI ‘public service announcement’ warned about high impact ransomware and advised against businesses and organisations paying the criminals, as there was no guarantee they will regain access to their locked data.

This week alone has seen hospitals in both the United States and Australia crippled by ransomware attacks.

FBI advice

The FBI said that it has observed cyber criminals using three main techniques to infect victims with ransomware.

The first is the email phishing campaign, where the criminals sends an email containing a malicious file or link, which deploys malware when clicked by a recipient.

The second route is remote desktop protocol vulnerabilities, where criminals use brute-force methods against a proprietary network protocol in order to gain control of a computer over the internet.

The third route is via software vulnerabilities, where cyber criminals take advantage of security weaknesses in widely used software programs to gain control of victim systems and deploy ransomware.

The FBI then issued its advice on what to do if a computer is infected.

“The FBI does not advocate paying a ransom, in part because it does not guarantee an organisation will regain access to its data,” it said. “In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.”

The FBI also said that paying ransoms emboldens criminals to target other organisations and provides an alluring and lucrative enterprise to other criminals.

Regardless of whether an organisation opts to pay, the FBI urged victims to report ransomware incidents to law enforcement.

The FBI then said the best way to defend against ransomware is to the following the usual security advice.

Most importantly, implement a robust system of backups, as having a recent backup could prevent a ransomware attack from crippling an organisation.

So the message is clear, back up regularly and verify its integrity.

Other steps organisations can take is focus on awareness and training for staff members; patch operating systems and software as soon as possible; and ensure anti-virus and anti-malware solutions are set to automatically update.

Other advice is to implement the least privilege for file, directory, and network share permissions, disable macro scripts from Office files; and implement software restriction policies or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders.

Clear and present danger

A security expert said the FBI warning was timely and there is a clear and present danger to organisations of all sizes from ransomware attacks.

“Since I created a vaccine to stop the NotPetya ransomware attack in 2017, hackers have evolved their strategies and continue to look for easy targets,” said Amit Serper, head of security research at Cybereason. “And today the proverbial low hanging fruit includes municipalities, local and regional law enforcement agencies and colleges. They are all caught in the crosshairs.”

“With ransomware, attackers are either exploiting browser vulnerabilities or sending malicious attachments,” said Serper. “Users should keep browsers and email clients updated and patched and every attachment should be treated with suspicion, especially if it is coming from an unfamiliar email address.”

“I strongly discourage paying the ransom,” Serper added. “Every ransom that’s paid only encourages the attackers to conduct more attacks and up the ante each time. Organisations should understand and internalise that ransomware is a real threat and should prepare for it by performing constant system backups which will allow them to quickly get back on their feet once attacked. Organisations should also employ various security and anti-ransomware solutions in advance.”

Do you know all about security? Try our quiz!