FBI: No, you shouldn’t pay ransomware extortionists

The FBI has published a list of tips to reduce the chance of ransomware being the ruin of your company - and is keen that you don't pay the extortionists.

The FBI has published a list of tips to reduce the chance of ransomware being the ruin of your company – and is keen that you don’t pay the extortionists.

The roll call of organisations hit by ransomware attacks is depressingly long – hospitals, government departments, school districts, banks, businesses small and large… even law enforcement agencies haven’t been able to avoid attacks from what is becoming one of the biggest threats of 2016.

The ransomware attacks are particularly damaging, of course, because of their payload – encrypting valuable data files and refusing to unlock them unless a ransom demand is met.

The threat of ransomware is well explained in this ESET video:

If your company is unfortunate enough to be hit by a successful ransomware attack, and you didn’t take sufficient precautions to ensure that your backups are not also corrupted (or worse, if you didn’t have any backup at all) then your organisation may be facing a catastrophic situation.

Similarly, if you’re a home user who has their personal computer struck by ransomware, you may find that files which you consider to be priceless emotionally (such a family photos and movies) may be at risk of being lost forever.

It is this, of course, that the criminal gangs behind ransomware attacks are banking on. That you will be so concerned that your company will not be able to do business without access to its data, or that you will be forever sobbing into your cornflakes at the loss of photos of sentimental value, that you will be prepared to swallow the pill and be prepared to pay the extortionists.

Ransomware detection trend

Ransomware is not only on the rise, judging by the number of attacks being reported and the number of new samples being seen in ESET’s labs, but is also becoming more sophisticated and aggressive.

Modern ransomware is not just being spread via malicious emails, but also taking advantage of exploit kits and malvertising campaigns to infect unwary computer users as they visit legitimate websites.

Fortunately, although many ransomware attacks are becomingly more sophisticated, there are also signs that the perpetrators are sometimes not immune from making mistakes themselves.

But if ransomware does manage to encrypt your files, and you cannot access working backups your data, what should you do?

A recent advisory issued by the FBI strongly urges victims of ransomware not to pay the criminals.

The advisory quotes FBI Cyber Division Assistant Director James Trainor, who confirms that the bureau does not recommend paying extortionists:

“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

It’s good to hear such a clear statement from the FBI, as in late 2015 the law enforcement agency was widely quoted seemingly saying that it often advised victims to “just pay the ransom.”

Now the FBI has published a list of tips to reduce the chance of ransomware being the ruin of your company (and some of them are applicable to home users too):

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure anti-virus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts — no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from Microsoft Office files transmitted over email.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

Prevention is always better than cure. Protect your computers – whether it be at home or in the office – from the threat of ransomware, and take the necessary measures so that if you are unlucky to be hit by a ransomware attack, you can recover.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center