FBI Warning Cites More Highly-Targeted and Expensive Ransomware Attacks

In a September 16 alert, the FBI warned that ransomware variants are more frequently targeting highly vulnerable business servers, behaving like a focused virus that looks for big servers without adequate security defenses. The law enforcement agency also noted that the number of compromised network servers and devices has multiplied drastically as attacks have become more target-specific. Even with the huge spike in ransomware attacks, only 600 FBI agents are currently available to investigate them, which covers only a portion of the attacks. This means we all have to play a bigger part in preventing ransomware attacks.

Don’t Pay the Ransom, Says the FBI

Instead of complying with cybercriminals who only gain more leverage and confidence with every ransomware payoff, the FBI has officially advised ransomware victims not to pay the ransom. Instead, says the agency, contact your local FBI office and/or file a complaint with the Internet Crime Complaint Center at www.IC3.gov. Don’t pay the ransom. There is no guarantee that paying it will even get your data files back. There are documented cases where organizations have paid to get the decryption key and were ignored. Paying the ransom only emboldens and aids cybercriminals in their exploits. The FBI does, however, recognize and understand instances where executives weighed the cost of inoperability against the relatively low cost of a ransom demand (roughly $600 on average).

The FBI asks that ransomware victims provide the following details regarding their experience, where applicable:

  • The date of the infection
  • The ransomware variant or type
  • Your company name and industry
  • The requested ransom amount
  • The bitcoin wallet address of the perpetrator
  • The amount of ransom paid, if any
  • Your overall losses, including the ransomware amount and those incurred through downtime
  • Victim impact statement

How to Prevent a Ransomware Attack

First, you will want to implement cyber safety education and awareness policies in the workplace. It has been shown that better-educated and more aware office staff are far less likely to click on questionable links such as those embedded in email phishing schemes that routinely dole out ransomware exploits. Having effective cybersecurity policies in the workplace that are strictly followed will also greatly reduce the chances of a ransomware attack. This is, of course, in addition to the antivirus and firewall security technology you will also want to have in place.

Frequently backing up your data is among the best ways to avoid ransomware attacks. With effective backup measures implemented, you can more confidently ignore ransomware demands and encryptions. Always have backups in place that aren’t attached to PCs or networks. Malware and viruses can even infiltrate data files that are backed up via cloud servers (known as “persistent synchronization”), so store at least one complete backup of your entire data network on a completely network-disconnected machine or device.

You’ll also want to:

  • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Ensure that application patches for your operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
  • Ensure anti-virus and anti-malware solutions are set to automatically update, and regular scans are conducted.
  • Disable macro scripts from files transmitted via e-mail. Try using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
  • Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
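
An audit-mode check for the last item above, added here as an illustration and not taken from the FBI alert or from Cat-Tec: it tests process image paths against deny rules for the named locations before such rules are enforced. The rule patterns, the default `C:\Users` profile layout and the sample paths are assumptions made for the example.

```python
import ntpath
import re

# Assumed default profile layout; the patterns below are this example's
# assumptions, not rules taken from the FBI alert.
PROFILE_VARS = {"%AppData%": r"C:\Users\*\AppData\Roaming",
                "%LocalAppData%": r"C:\Users\*\AppData\Local"}
DENY_DIRS = [
    ("appdata-root", r"%AppData%"),
    ("temp-root", r"%LocalAppData%\Temp"),
    ("archive-extract", r"%LocalAppData%\Temp\7z*"),
    ("archive-extract", r"%LocalAppData%\Temp\Rar$*"),
    ("zip-folder", r"%LocalAppData%\Temp\*.zip"),
    ("browser-cache", r"%LocalAppData%\Microsoft\Windows\INetCache\IE\*"),
]
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".js", ".vbs"}

def compile_rule(pattern):
    """Build a regex in which '*' matches inside one path component only."""
    for var, path in PROFILE_VARS.items():
        pattern = pattern.replace(var, path)
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile(r"[^\\]*".join(parts), re.IGNORECASE)

RULES = [(name, compile_rule(p)) for name, p in DENY_DIRS]

def evaluate(image_path):
    """Return the first rule that would block this image path, or None."""
    folder, filename = ntpath.split(ntpath.normpath(image_path))
    if ntpath.splitext(filename)[1].lower() not in EXEC_EXT:
        return None
    return next((n for n, rx in RULES if rx.fullmatch(folder)), None)

def audit(image_paths):
    """Audit-mode pass: (path, rule) for each execution a rule would stop."""
    return [(p, r) for p in image_paths if (r := evaluate(p))]

# Constructed sample of process-creation image paths (not real telemetry).
SAMPLE = [
    r"C:\Users\alice\AppData\Local\Temp\7zO4A1B2C3\invoice.exe",
    r"C:\Users\bob\AppData\Roaming\updater.scr",
    r"c:\users\carol\appdata\local\temp\..\Temp\scan.zip\scan.js",
    r"C:\Users\dave\AppData\Local\ExampleApp\current\app.exe",
    r"C:\Program Files\ExampleApp\app.exe",
]

if __name__ == "__main__":
    for path, rule in audit(SAMPLE):
        print(f"{rule:16} {path}")
```

Because `*` does not cross a directory separator here, the application installed in its own folder under LocalAppData is left alone while files dropped directly into the profile or Temp folders are flagged.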

Ransomware Quick Facts

  • The FBI fielded approximately 2,500 reports of ransomware infections in 2015.
  • Most affected industries include Healthcare (88 percent), Education (6 percent) and Finance (4 percent), with eight other industries combining for less than 2 percent of detections.
  • 43 percent of data breaches targeted companies with fewer than 250 employees. This figure has been steadily rising over the last five years, up from 18 percent in 2011, and will likely continue to rise in the coming years.
  • The top 3 out of 11 categories, Web application, malware and application-specific attacks, accounted for roughly 62 percent of all ransomware attacks. Threat actors focused primarily on web applications, which were the target of nearly 24 percent of all attacks.
  • Attacks focusing on ActiveX or Adobe products accounted for nearly 48 percent of all attacks against the top five industries (retail, healthcare, education, finance and technology).
  • The retail sector was the focus of 18 percent of all attacks during Q2 2016.
  • Germany was the number-one source of all non-U.S. based attacks, responsible for nearly 15 percent of attacks overall.

Contact an IT Expert for Greater Cybersecurity Assurance

If you need further advice about ransomware prevention and cyber safety awareness and security, Cat-Tec is a proven leader in providing IT consulting and cybersecurity in Southern Ontario. Contact one of our IT experts at (416) 840-6560 or send us an email at info@cat-tec.com today, and we can help you with all your cyber safety, defense, and security questions or needs.
