The Federal Bureau of Investigation this week urged victims of ransomware to report infections to federal law enforcement in hopes of better understanding the threat.
The agency, in tandem with the Internet Crime Complaint Center (IC3), issued a public service announcement on Thursday asking ransomware victims to come forward and share their stories. The FBI is hoping victims can supply either them or the IC3 with data about attacks, including:
- The date they were infected
- The ransomware variant that hit them
- How the infection occurred
- How much the attackers asked for
- If they paid the ransom
- The attackers’ Bitcoin wallet address
- If they suffered any losses from the infection
As the IC3 usually requires with complaints, victims will be asked to include their name, address, telephone number and email in a complaint, in order for the agency to follow up with them.
The agency has been sounding the alarm over the ransomware for more than a year – first warning of schemes associated with the variant Cryptowall before describing several ransomware scenarios in March. In April it urged individuals implement a robust back up and recovery plan and to be wary of suspicious attachments in emails.
While the agency has always encouraged ransomware victims to contact their local FBI field office or file a complaint with the IC3, it wasn’t until this week that it explained exactly what sort of data it hopes to receive.
The agency acknowledges that victims may not want to come forward – either because of embarrassment, concerns over their privacy, their business reputation, or regulatory data breach reporting requirements but is urging users to report incidents regardless of the outcome. The PSA claims additional information about incidents will provide justification for further investigations and help the agency identify the attackers.
The FBI took the moment to again remind the general public that it does not support paying a ransom to regain access to their data, pointing out that paying a ransom doesn’t guarantee victims will regain access to their data and that by doing so it incentivizes adversaries to target other victims for profit.
Even if you pay the ransom, you might not get your files back. There’s no honor among thieves. Regardless, report it to FBI. #RansomwareFTC
— FTC (@FTC) September 7, 2016
The PSA echoes sentiments made last week by Will Bales, a Supervisory Special Agent in the Federal Bureau of Investigation’s Cyber Division, at a workshop on ransomware held by the Federal Trade Commission.
Panelists during a panel earlier that day discussed how companies can do a lot to eliminate the threat of ransomware up front by enforcing better basic cyber hygiene.
Bales, who spoke alongside experts from PriceWaterhouseCoopers’ cybersecurity division and Charles River Associates during a later panel – “What Happens If You Become a Victim?” – said the ransomware has been a constant threat for the agency.
“I live and breathe ransomware every single day,” Bales said, “We are fielding some kind of ransomware complaint literally every day through our 56 field offices.”
Bales went on to stress the importance of reporting ransomware incidents, and pointed out that information about attacks can be valuable since often, the same variant is affecting different victims.
“I can’t promise you’re going to have agents show up at your door or anything like that, each scenario is going to be very different depending on the ransomware incident and complaints,” Bales said of the process, “Ransomware is not affecting just one person or one business, it’s going to move on, or probably simultaneously affect someone else. ”
“These are difficult investigations. They are extremely difficult. The only way we can really move forward is with the help that’s brought to us,” Bales said.
