According to reports, the FBI has issued a warning advising organisations on how they should handle ransom demands. The FBI’s Internet Crime Complaint Centre has urged all organisations and individuals that are infected by a ransomware not to pay any money to hackers in exchange of a decryption key. Instead, they should report the incident to FBI officials as earliest as possible.
It’s no wonder cyber-criminals are going after the high-value ransoms with so many tools to help protect their anonymity. However, this is not an excuse as to why these attacks are still occurring. There is plenty of advice available to companies that are targeted to mitigate the malicious software executing on their networks.
There is an argument that insurers are leveraging the problem too, as cyber-insurance can cover ransomware in many cases. Legally, a company can ensure its data and put a price on getting it back should it be deemed unreadable or lost. It would be naive to suggest that threat actors are not taking advantage of this possibility that is driving them towards the higher hanging fruit.
Targeted phishing attacks are still prevalent and making their way into company inboxes, so staff training is still key. But the number one rule for companies of all sizes is to back up properly and test the restore process regularly.
The FBI\’s recent ransomware warning is a reminder that ransomware attacks remain a clear and present danger to organisations of all sizes. Since I created a vaccine to stop the NotPetya ransomware attack in 2017, hackers have evolved their strategies and continue to look for easy targets. And today the proverbial low hanging fruit includes municipalities, local and regional law enforcement agencies and colleges. They are all caught in the crosshairs.
With ransomware, attackers are either exploiting browser vulnerabilities or sending malicious attachments. Users should keep browsers and email clients updated and patched and every attachment should be treated with suspicion, especially if it is coming from an unfamiliar email address. I strongly discourage paying the ransom. Every ransom that\’s paid only encourages the attackers to conduct more attacks and up the ante each time. Organisations should understand and internalise that ransomware is a real threat and should prepare for it by performing constant system backups which will allow them to quickly get back on their feet once attacked. Organisations should also employ various security and anti-ransomware solutions in advance.
Ransomware is just another set of behavioural properties in software. Given the way they work and the way that endpoint technologies are advancing, especially with the combination of machine learning, ransomware can be stopped or at least slowed down. In the bigger picture, ransomware is still a relatively new threat and it takes time for the industry to develop the right solutions. An eager and willing industry will continue to develop solutions to tame the ransomware problem.