In-brief: The nation’s top law enforcement agency is warning companies that they may not be able to get their data back from cyber criminals who use Cryptolocker, Cryptowall and other malware without paying a ransom.
The FBI wants companies to know that the Bureau is there for them if they are hacked. But if that hack involves Cryptolocker, Cryptowall or other forms of ransomware, the nation’s top law enforcement agency is warning companies that they may not be able to get their data back without paying a ransom.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
Bonavolonta was addressing a gathering of business and technology leaders at the Cyber Security Summit 2015 on Wednesday at Boston’s Back Bay Events Center. He was referring to ransomware programs like Cryptolocker, Cryptowall, Reveton and other malicious programs that encrypt the contents of a victim’s hard drive, as well as other directories accessible from the infected system. The owner is then asked to pay a ransom – often hundreds of dollars – for the key to decrypt the data.
Ransomware, in various forms, has been around for more than a decade. But the past three years have seen a steep rise in incidents involving the programs, which often infect users via malicious email attachments or drive-by downloads from compromised websites or malicious web ads (malvertising). That has resulted in an increase in complaints to the FBI, said Bonavolonta. Police departments appear particularly prone to ransomware infections. But the problem has been widely noted. The infections can be difficult to remove, as this article from the Yuma Sun about a Cryptolocker infection in the newsroom notes.
The FBI issued a notice in June, which identified CryptoWall as the most common form of ransomware affecting individuals and businesses in the US. The Bureau said it had received 992 complaints related to CryptoWall between April 2014 and June 2015 with losses totaling $18 million. That message advised victims of ransomware to contact their local FBI field office.
Bonavolonta echoed that advice in his remarks on Wednesday, but also cautioned that the Bureau may not be able to pry encrypted data from the clutches of the ransomware authors, who use ultra-secure encryption algorithms to lock up ransomed data.
“The easiest thing may be to just pay the ransom,” said Bonavolonta, who added that efforts by the Bureau and others to defeat the encryption used by the malware did not bear fruit. “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
The success of the ransomware ends up benefitting victims: because so many people pay, the malware authors are less inclined to wring excess profit out of any single victim, keeping ransoms low. And most ransomware scammers are good to their word, Bonavolonta said. “You do get your access back.”
Still, the Boston head of cyber said that organizations that have procedures in place for regularly backing up their data can avoid paying a ransom at all, by simply restoring the infected system to a state prior to the infection.
And the FBI still wants to hear about ransomware infections, even from firms that pay the criminals off. “Do we want you to call the FBI? Yes,” said Bonavolonta. The FBI has been collecting information on ransomware scams and wants to be able to keep abreast of how the scams are evolving.
Regardless of what the FBI’s intentions were, I still think it was a very irresponsible statement to make. When you have as much power as the FBI has, your words weigh a lot. My concern is that a lot of people are just going to give up trying to protect themselves and simply pay it out, without realizing there are ways out. Backups are essential, and should not be missed. Another way to revert ransomware such as Cryptolocker is to get third-party restore software, like Rollback Rx. This and others similar to it can wipe off the malware without any payment made to anybody.
Never, ever pay the ransom. That’s a shot in the dark, at best, and an endorsement for such criminal activity.
Also, keep a separate administrator account while using a standard user day-to-day. If this is a business station, no one, including upper level management and owners, should have admin permissions. Businesses, and end-users that can afford it, should also employ security appliances in between the public and private networks.
I agree that the FBI statement is, in fact, irresponsible, and I daresay would not have been contemplated by old-guard FBI men.
I can understand their frustration and inability to respond or provide help for a growing stream of infection reports, but their statement provides material support and encouragement for criminal enterprise. Their spokesman should have pointed the public to a simple to understand document on an FBI-based URL that would provide tips to keeping your system and/or data from becoming victims (and which should say never, ever, pay ransom).
Never too late, guys.
Yet again, an erred response which should not be taken as word. What the Special Agent needs to understand is that one does not need to do the easiest thing, but the correct one. Take this problem into the real world, where the ransom is not via computer but in person. Would someone pay the criminals for this, or alert the police? I think you have your answer there. Make sure you get a backup solution ASAP, and strong anti-malware and software that can reverse any awful changes made to your computer like Deep Freeze and Rollback Rx.