Yesterday, the FBI published an official statement regarding its stand on ransomware infections. In it, each victims=, an individual or a company, is urged to report ransomware incidents to federal law enforcement and NOT to pay the ransom.
FBI was criticized a lot when one of its members said that in many situations they advise victims to pay the ransom demanded. The advice not only misunderstood and taken out of context but it was also considered an official FBI policy.
After this news and some huge ransomware infections, the US Senate called the FBI to make an official statement on ransomware infections in front of it. The FBI Director, James Comey, answered an official inquiry back in April.
The FBI made their stand clear when, yesterday, they published a public statement announcement (PSA) on what American citizens should do in case of ransomware incident. The PSA is posted on the website of the FBI’s Internet Crime Complaint Center (IC3). The FBI makes it clear it want all users who have fallen victims to a ransomware attack to make a formal complaint and contact the IC3.
Victims are asked to report the infection on the day it occurred, to tell how it occurred (USB, browser, email), the ransomware variant that infected their systems, company data (business size, industry vertical), how much the ransom was and the Bitcoin wallet it should be paid to, and whether or now the victim has paid.
Moreover, the FBI want the victim to tell the overall losses associated with the infection and even to add a short personal statement explaining in their own words the impact the infection had on them and their business.
Victims are urged to report an incident even if they have already paid or restored their locked data from backups. FBI says this would help them create a bigger picture of the ransomware attack in the US.
Now, the FBI has finally clarified its position and dispelled any confusion regarding its stance on ransomware infections and whether or not the victims should pay.
“The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide an incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.”
Recommendations and defenses to prevent ransomware infections in the future are also included in the PSA.