The Federal Bureau of Investigation released an alert Oct. 2 warning how ransomware attacks threaten U.S. businesses as the data encryption attacks continue to ravage cities, schools and hospitals across the United States.
The alert, titled “High-impact ransomware attacks threaten U.S. businesses and organizations,” warned that while the amount of indiscriminate ransomware campaigns have dropped since early 2018, the losses from the attacks have sharply increased.
In the alert, the FBI warned that ransomware attackers, who encrypt an organization’s data and unlock it for a fee (usually in Bitcoin), upgrade and change how they enter networks to avoid detection and launch more effective attacks.
The FBI wrote that its observed attackers using phishing emails, brute-forcing user credentials to enter a network and exploiting vulnerabilities in software to infect networks with ransomware.
"Compromising an entity and deploying ransomware may only take threat actors a few days from start to finish, and can yield hundreds of thousands of dollars in a single week,” said Charles Carmakal, CTO of FireEye Mandiant consulting, in a statement Oct. 3.
The FBI joined the ranks of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in calling for organizations to not pay the ransom, “in part because it does not guarantee an organization will regain access to its data,” the FBI wrote.
“In some cases, victims who paid a ransom were never provided with decryption keys," the FBI wrote. “In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.”
But the problem faced by the government is that it can be easier to just pay the ransom.
“Threat actors realize many victims will pay ransoms if their business operations are severely disrupted. Unfortunately, the more disruptive and chaotic the intrusions are, the more vulnerable victims feel, and the more susceptible they may become to paying ransoms,” Carmakal said.
Some ransomware attacks have forced hospitals to close. While the FBI advises not to pay the ransom, it wrote that it understands the complexity of the decision.
“Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” the FBI wrote.
The agency also advised businesses to report attacks to law enforcement because “doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.”
Andrew Eversden covered all things defense technology for C4ISRNET. Beforehand, he reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.