#Privacy: FBI warns US organisations not to pay ransomware demands

The US Federal Bureau of Investigation (FBI) has issued a public service announcement informing organisations about high-impact ransomware attacks. 

The announcement explains that ransomware attacks are becoming more targeted and sophisticated, and that losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.

Ransomware attacks are now targeting healthcare organisations, industrial companies, state and local governments, and the transportation sector. 

Threat actors are using numerous techniques to infect victims with ransomware, including Remote Desktop Protocol (RDP) vulnerabilities, software vulnerabilities and email phishing campaigns.

In the announcement, the FBI advises organisations not to pay the ransom, as it does not guarantee an organisation will regain access to its data. Additionally, victims may not be able to recover some or all of their data due to flaws in the encryption algorithms of certain malware variants. 

“Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” says the FBI in the announcement. 

The FBI urges organisations to report ransomware attacks to law enforcement, as doing so provides investigators with the critical information needed to track the attackers and hold them accountable under US law.

“As ransomware techniques and malware continue to evolve and become more sophisticated, even the most robust prevention controls are no guarantee against exploitation. This makes contingency and remediation planning crucial to business recovery and continuity. 

“Those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise.”
