Reporting burglary, car theft or mugging, would be a no-brainer. But online fraud or ransomware extortion? If it happens on a computer, there’s a tendency for people to see it as either the victim’s problem or for the bank or service provider to sort out.
Faced with soaring online crime, police forces and government have realized that to have any chance of containing online crime means treating in in the same way as any other type of law breaking. Intelligence is needed to warn the public of attacks and evidence gathered for possible future prosecutions.
HOW TO REPORT THE ATTACK:
Last year the FBI put out its first ever note encouraging ransomware victims to report attacks in some detail through the Agency’s Crime Complaint Center (IC3). The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center with a number of infection details, including:
- Date of infection
- Ransomware variant (identified on the ransom page or by the encrypted file extension)
- Victim company information (industry type, business size, etc.)
- How the infection occurred (link in e-mail, browsing the Internet, etc.)
- Requested ransom amount
- Actor’s Bitcoin wallet address (may be listed on the ransom page)
- Ransom amount paid (if any)
- Overall losses associated with a ransomware infection (including the ransom amount)
- Victim impact statement
WHAT TO DO IF YOUR COMPUTER IS INFECTED:
In the alert, the FBI reiterated that the agency does not support paying a ransom to hackers. “Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers,” the FBI officials stated.
The FBI also offered recommended prevention and continuity measures to lessen the risk of a successful ransomware attack. Organizations should regularly back up data and verify the integrity of those backups as well as secure backups. And, the agency recommends organizations implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
WHY YOU MIGHT NOT BE REPORTING, BUT WHY YOU SHOULD
Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Further, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.
But victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.
In summary, should you report the attack to the FBI, even though they can’t necessarily help solve the problem? Definitely. Reporting incidents of ransomware will help bring out such nefarious activities out in the public domain where security researchers can study their incidence further. Further, it can also help authorities crack down on the hackers.