The FBI has issued a warning to businesses about the relentless wave of ransomware. The bulletin includes preventative tips, and an affirmation of the bureau’s stance that companies affected by cryptoransomware attacks in particular should not succumb to temptation and pay their attackers off.
The warning comes at the same time as a Michigan utility continues to recover from an attack disclosed one week ago. Lansing Board of Water and Light posted a statement on its Facebook page this afternoon that it continues to investigate the attack, and that it has hired an incident response firm to handle recovery of its IT systems.
Email and other administrative systems have been inaccessible since the attack, as well as phone systems. The utility insists that water and electricity delivery systems were not impacted, and that customer data including credit card numbers were not at risk.
“BWL and its experts will work continuously until they are satisfied that all systems are fully functional and validated with industry standard security protocols,” the company said.
Numerous requests for further comments were not returned in time for publication.
It’s unknown what type of ransomware infected the utility, nor how the outbreak began. BWL is the first U.S.-based utility to report a ransomware attack; the most high-profile attacks against American enterprises came in February and March against hospitals in California, Kentucky and the Washington, D.C. area.
The FBI, meanwhile, urges organizations to be vigilant keeping browsers, operating systems and third-party application patch levels up to date, and that antimalware protection is also current. The bureau also suggested companies back up often, lock down access granted to individuals and manage configuration of filesystems, directories and network shares appropriately.
“The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation,” the FBI said.
The FBI also said organizations should think twice about paying a ransom in order to recover files encrypted by ransomware. Forensics specialists can often crack certain ransomware strains, and numerous technology companies, including Kaspersky Lab, have developed decryptors for particular malware families.
“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom,” said FBI Cyber Division Assistant Director James Trainor. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”