
In-brief: The nation’s top law enforcement agency is warning companies that they may not be able to get their data back from cyber criminals who use Cryptolocker, Cryptowall and other malware without paying a ransom.
The FBI wants companies to know that the Bureau is there for them if they are hacked. But if that hack involves Cryptolocker, Cryptowall or other forms of ransomware, the nation’s top law enforcement agency is warning companies that they may not be able to get their data back without paying a ransom.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
Bonavolonta was addressing a gathering of business and technology leaders at the Cyber Security Summit 2015 on Wednesday at Boston’s Back Bay Events Center. He was referring to ransomware programs like Cryptolocker, Cryptowall, Reveton and other malicious programs that encrypt the contents of a victim’s hard drive, as well as other directories accessible from the infected system. The owner is then asked to pay a ransom – often hundreds of dollars – for the key to decrypt the data.

Ransomware, in various forms, has been around for more than a decade. But the past three years have seen a steep rise in incidents involving the programs, which often infect users via malicious email attachments or drive-by downloads from compromised websites or malicious web ads (malvertising). That has resulted in an increase in complaints to the FBI, said Bonavolonta. Police departments appear particularly prone to ransomware infections. But the problem has been widely noted. The infections can be difficult to remove, as this article from the Yuma Sun about a Cryptolocker infection in the newsroom notes.
The FBI issued a notice in June, which identified CryptoWall as the most common form of ransomware affecting individuals and businesses in the US. The Bureau said it had received 992 complaints related to CryptoWall between April 2014 and June 2015 with losses totaling $18 million. That message advised victims of ransomware to contact their local FBI field office.
Bonavolonta echoed that advice in his remarks on Wednesday, but also cautioned that the Bureau may not be able to pry encrypted data from the clutches of the ransomware authors, who use ultra-secure encryption algorithms to lock up ransomed data.
“The easiest thing may be to just pay the ransom,” said Bonavolonta, who added that efforts by the Bureau and others to defeat the encryption used by the malware did not bear fruit. “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
The success of the ransomware ends up benefitting victims: because so many people pay, the malware authors are less inclined to wring excess profit out of any single victim, keeping ransoms low. And most ransomware scammers are good to their word, Bonavolonta said. “You do get your access back.”
Still, the Boston head of cyber said that organizations that have procedures in place for regularly backing up their data can avoid paying a ransom at all, by simply restoring the infected system to a state prior to the infection.
And the FBI still wants to hear about ransomware infections, even from firms that pay the criminals off. “Do we want you to call the FBI? Yes,” said Bonavolonta. The FBI has been collecting information on ransomware scams and wants to be able to keep abreast of how the scams are evolving.
I’ve dealt with this kind of encryption scam several times in the past couple years. There is a way to decrypt the files and get all the data back. I have experimented with it. Again, it’s wise to have a backup, in case you fail at decryption. 🙂
Carl Force IV would be proud. Looks like we have hundreds and hundreds of them now…
Great….the FBI is now telling us to give the mouse a cookie.
People…think about this. Unless you absolutely cannot afford to lose your data, do not give in to these scum-runners. And if you absolutely cannot afford to lose your data, you should be buying Carbonite, Crashplan, or some other form of backup, preferably on and offsite, but if you can only afford one, a basic subscription offsite. If you can’t do without it, then you should ask yourself - what if a fire, flood, theft, etc. took my computer and data away from me?
The FBI should be making clear to people that giving in is the last resort. If people stop paying off these frauds, they’ll stop doing it because it won’t be profitable. And as Eastern European organized crime is often responsible, this money won’t go to fund other not-so-pleasant things.
The FBI should be telling people to dump the Windows OS! How long will we continue to suffer the Stockholm syndrome with bad Microsoft Software? Other operating systems/computer ecosystems have shown much greater security. Cryptolocker and Cryptowall are hideous Windows infections.
The worst Mac OS ransomware infection so far was a javascript that fooled you into thinking your computer was locked, but it wasn’t. Easily deleted and fixed. There has never been a ransomware in the wild for iOS. Other OS’s while not having as stellar a record as Apple’s OS’s still have greatly improved track records over Windows. Dump Windows! Keep your hardware, but dump Windows.
@Nobody Special,
1) – You can’t keep your hardware, but dump Windows if you wish to adopt an Apple OS; it would completely violate Apple’s licensing policies.
2) – You’re blaming an operating system, when you should be blaming the scum that are doing this.
3) – Just because this hasn’t been done on Linux or Mac OS X doesn’t mean it couldn’t be done. Both have encryption technologies available. It just isn’t profitable to do so at this time. Should the marketshare of either increase drastically, and the marketshare of Windows decrease in proportion, it is a guarantee you’ll see this happen. Not a possibility, a guarantee.
This should not be about blaming an operating system – it should be about ensuring that no matter which operating system, people are taught to back up everything for disaster recovery. If one’s house burns down and their computer is melted to slag, Linux isn’t to blame. If a hard disk fails, it’s not the fault of OS X. We need to treat this as a disaster-recovery opportunity, not a chance to blame an OS, and we need to use all forensic tools at our disposal to go after the scum doing this to people, because in the end, the criminals are responsible.
And note - while thwarted, possibly the first Linux ransomware seen in the wild. As it’s a 1.0, I’m sure we’ll see a 1.1.
http://www.theregister.co.uk/2015/11/12/cures_for_ransomware_linux_cryptowall/
This underscores that the operating system is not relevant – a solid disaster recovery procedure however, is.
DO NOT NEGOTIATE WITH TERRORISTS. THE UNITED STATES DOES NOT NEGOTIATE WITH TERRORISTS. The FBI should be ashamed of themselves.