FBI urges victims to report ransomware attacks
- Published: Friday, 16 September 2016 08:56
The US FBI is asking businesses that are impacted by ransomware to report the attacks to federal law enforcement so that the agency can gain a more comprehensive view of the current threat.
The FBI says that, while ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the agency to ascertain the true number of ransomware victims as many infections go unreported.
Victims may not report for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.
The FBI is urging victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.
What to report to law enforcement?
The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):
1. Date of Infection
2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
3. Victim Company Information (industry type, business size, etc.)
4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
5. Requested Ransom Amount
6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
7. Ransom Amount Paid (if any)
8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
9. Victim Impact Statement.