Cybersecurity Awareness Month: FBI offers steps to protect against ransomware, what to do if it hits
During Cybersecurity Awareness Month, observed each October, the FBI and its partner agencies remind you to do your part and #BeCyberSmart all year long.
As the premier cyber investigative agency, the FBI works to keep you safe online, but there are many simple steps you can take to help protect yourself and your family. If you do become a victim, contact us at the FBI’s Internet Crime Complaint Center (www.ic3.gov) to report online crime.
This week's focus is on ransomware - what it is and how to stay safe. A video version of this release is available at: https://www.youtube.com/watch?v=rN10oCBe_ZA
The speaker is Supervisory Special Agent Gabriel Gundersen. SSA Gundersen supervises the Oregon Cyber Task Force.
What is ransomware?
Ransomware is a form of malicious software that targets your data. If ransomware infects your device or network, the ransomware actors behind that attack have the ability to lock you out of the data stored on your device or network. They will demand you pay a ransom – usually by cryptocurrency. They claim they will give you the “key” to recover your data if you pay, but there are no guarantees.
Who is most at risk for ransomware attacks?
There are three basic groups who can suffer ransomware attacks:
- Businesses – both big and small
- Individuals; and
- Public agencies and public service providers
What’s the risk to individuals?
When these kinds of attacks first started, ransomware actors often targeted regular people at home. The majority of attacks now go after larger targets, but individuals still need to take precautions. The loss of wedding photos or videos of your newborn are irreplaceable.
What’s the risk to businesses?
Any business can be vulnerable, but we are particularly concerned about small and medium-sized companies. They often don’t have the expertise or, they think, the funds to invest in the robust security they need. If you are a business owner, please take the time to learn about some simple steps you can take to protect your business. Otherwise, one bad ransomware attack can cause you to shut your doors for good.
What’s the risk to public agencies and service providers?
We are seeing attack after attack targeting hospitals, health care providers, government agencies, and schools. Not only do these organizations risk a loss of money, they also hold sensitive information that the attackers can pull out and re-sell on the dark web. Beyond that, there are real world consequences of a hospital that is unable to care for patients.
How do ransomware attacks usually start?
Ransomware actors will often send ransomware through email phishing campaigns. Once anyone on your network clicks on an infected file or link, the fraudsters can have access to all of your devices and data. They encrypt the system, effectively locking you out.
How much can a ransomware attack cost?
The ransom demands may range from a few hundred dollars for an individual to millions of dollars for a big company, hospital, or utility. But the ransom is only the start. Organizations risk loss of productivity, legal fees, and the need to purchase credit-monitoring services for employees and customers.
Even if you manage to get your system back up online, it is likely that the attacker left other malware hidden on your system—requiring a remediation team to completely wipe the computers and restore everything from clean, off-line backups.
What are some basic steps to take to avoid a ransomware attack?
To avoid a ransomware attack, you should:
- Educate yourself and your employees as to how to identify and manage phishing lures.
- Back up your data often and keep back-ups segregated and offline from normal operations.
- Make sure that all devices on your network are using the most current versions of operating systems and applications; and
- Keep your anti-malware software up-to-date.
What should I do if I think my device or network is infected with ransomware?
- If you get a pop-up or other message that says you are infected, disconnect the device from the Internet and your network immediately to try to prevent the spread.
- Then, call the FBI right away. If we are called in early enough, we can sometimes assist with remediation.
Should I pay to unlock my system?
The FBI recommends that victims do NOT pay a hacker’s ransom demand. The payment only encourages more criminal activity, and, even if you do pay, there is no guarantee that the hacker will unlock your data, hasn’t already downloaded your data for re-sale, or won’t return for another round of ransom.
###
The previous Oregon FBI Cybersecurity Awareness Month videos are available for download from YouTube as well.
Week 1: Cybersecurity Basics (FBI Assistant Special Agent in Charge Eliza Odom) - https://www.youtube.com/watch?v=2WU63yNub3I
Week 2: The ABC's of Cryptocurrency (FBI Forensic Accountant Brandon) - https://www.youtube.com/watch?v=NkZe5vRAHF8