May 2, 2016

FBI’s Advice to Ransomware Victims: Don’t Pay

In a new post warning about the relentless waves of ransomware attacks targeting businesses and individuals, the Federal Bureau of Investigation (FBI) has advised victims not to pay ransomware attackers.

The FBI has urged organizations not to give in to the temptation to pay their extortionists in a bid to recover their data. Instead, the Bureau urged companies and organizations to stay vigilant while operating browsers and operating systems.

A common suggestion by the Bureau is that companies back up frequently. The Bureau also advises companies to lock down the access granted to individuals, and urges admins to effectively manage the configuration of directories, file systems and network shares.

Also, the FBI does not want companies paying a ransom in response to a ransomware attack.

FBI Cyber Division Assistant Director James Trainor stated:

Paying a ransom doesn’t guarantee an organization that it will get its data back – we’ve seen cases where organizations never got a decryption key after having paid the ransom.

He opined that a ransom paid only serves to embolden cybercriminals to target more organizations. Additionally, the chance of a lucrative payday even encourages cybercriminals to get involved in such illegal activities.

The FBI recommends two main areas of focus for organizations to steer clear of such threats. They are:

  • Prevention efforts – both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan to ensure that operations continue without a hitch, in the event of a ransomware attack.

Trainor added:

There is no one method or tool that will completely protect you or your organization from a ransomware attack. But, contingency and remediation planning is crucial to business recovery and continuity – and these plans should be tested regularly.

Although ransomware attacks have been around for a few years, 2015 saw a marked increase in such cyberattacks. The increase was notable in organizations chosen as targets since the payoffs are higher than those obtained from everyday individuals. Ransomware attacks in 2016 aren’t showing any signs of stopping either, with malware authors and attackers employing new and sophisticated means to strike at their targets.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
