Pierluigi Paganini October 03, 2019

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) warns organizations about high-impact ransomware attacks.

In a wake of the recent string of attacks against cities, school districts and hospitals, the U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued organizations about high-impact ransomware attacks.

“Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent.” reads the public service announcement published by the IC3.

“Since early 2018, the incidence of broad, indiscriminant ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information. Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.”

The FBI has observed cyber organizations using multiple techniques to deliver ransomware, including phishing campaigns and the exploitation of Remote Desktop Protocol (RDP) and software vulnerabilities.

The authorities discourage victims from paying a ransom because there is no guarantee that files will be decrypted. Sometimes crooks don’t decrypt them after the payment, in other cases security issues in the encryption process, or in the malware development, make it impossible to decrypt the data.

FBI urges victims to report the incident to the local FBI field office and to ic3.gov to receive the necessary support.

“Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement.” continues the announcement. “Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.”

Reporting the ransomware attacks to the FBI will help law enforcement to track the crooks behind the campaign and to collect the indicators of compromise associated with the threat.

Below the cyber defense best practices shared by the FBI:

• Regularly back up data and verify its integrity
• Focus on awareness and training
• Patch the operating system, software, and firmware on devices
• Enable anti-malware auto-update and perform regular scans
• Implement the least privilege for file, directory, and network share permissions
• Disable macro scripts from Office files transmitted via email
• Implement software restriction policies and controls
• Employ best practices for use of RDP
• Implement application whitelisting
• Implement physical and logical separation of networks and data for different org units
• Require user interaction for end-user apps communicating with uncategorized online assets

Pierluigi Paganini

(SecurityAffairs – FBI, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]