Ransomware Update: The FBI is Coming, The FBI is Coming...

Q: Why was the Computer so tired when it got home?

A: Because it had a hard drive

While the joke above is pretty funny (at least I thought it was), Ransomware is no joke. I have written several blog posts about Ransomware over the past 9 months and the dangers that these types of attacks present an organization. Now, the FBI is becoming concerned and has issued recent guidance around the fact that Ransomware has become a significant problem for all organizations, no matter what size or industry they are in.

Why The Guidance?

Why is the FBI getting involved now when this has been going on for so long? Here are a couple of reasons why:

1. New variants of Ransomware are emerging on almost a daily basis. In fact, the Cybercrime-as-a-Service (CaaS?) is evolving rapidly where criminal organizations are selling their Ransomware code/encryption to other criminals to use. With this ever changing threat landscape and the speed of deployment of different strains of Ransomware, the threat of infections is at an all time high. According to the FBI, one particular strain of Ransomware was responsible for infecting an estimated 100,000 computers per day. Wow!
2. Recent variations of Ransomware are attacking vulnerable business servers as opposed to individual users. Why? They can charge more for the decryption key (remember, the goal of Ransomware is to make money). What used to once be a single amount for the decryption key, these threats are evolving to look at the number of affected hosts/targets and increasing the ransom. Not good! This new attack methodology could lead to longer recovery times, more out of pocket costs, and the possibility of never getting all files decrypted. (Click here for the full FBI release)

Reporting Ransomware

In addition to the new guidance, the FBI is asking for your help if you are victimized by Ransomware as they want you to report the incident to them. Reports can be filed online at www.IC3.gov and should include the following information:

• Date of Infection
• Ransomware Variant (Name or file extension)
• Company Information (Size, Industry, etc.)
• How Infection Occurred (Malicious Email Link, Web Browsing, etc.)
• Ransom Amount
• Criminal's Bitcoin Wallet Address
• Ransom Amount Paid (If any)
• Overall Losses Associated with Attack (Including Ransom Amount)
• Victim Impact Statement 

Neither Compass or the FBI endorse the payment of any ransom as this continues to encourage more criminal organizations to take part in these types of schemes. Sharing this information with the FBI will do nothing but help stop these criminals from continuing to engage in these activities. 

As these threats change, so do the methods that these "hackers" use to gather information about you, your employees, and your business. In the age of the Internet and Social Media, you would be shocked at how easy it is for these criminals to get information about you and build an attack strategy. 

Upcoming Webinar

On September 29th at 1:00 PM EST, Compass will be hosting a 60-minute webinar on how "hacking" has changed and what you need to do to protect yourself from becoming a victim. Plus, at the end of the webinar, we are going to live demo some of the shelf tools that these "hackers" can use to gather this information. Trust me, this is something that you won't want to miss as the information will be eye-opening! Register below and we can't wait to see you on the 29th!