“These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers,” said James Trainor, the FBI Cyber Division Assistant Director.
Once a computer is infected, malware spreads and encrypts files on servers, backup drives, and sometimes other computers connected to the same network.
The FBI urges agencies to focus on two main areas when dealing with ransomware:
- Prevention efforts including employee training and technical prevention controls
- Creation of a plan on how to deal with a ransomware attack–and how to keep your agency functioning during an attack
Hackers typically demand a ransom payment from the victims. They ask to be paid in bitcoins, but the FBI does not support paying the ransom. Trainor said, “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity.”
“There’s no one method or tool that will completely protect you or your organization from a ransomware attack,” said Trainor. “But contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.”
Other tips for agencies include: Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans, manage the use of privileged accounts, and back up data regularly.
If your agency or organization may have been infected with ransomware contact your local FBI field office.