Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/7/2016
05:45 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

FBI Official Explains What To Do In A Ransomware Attack

Feds say even basic information can advance the agency's investigation.

Businesses or consumers hit by ransomware should refuse to pay the ransom and immediately contact the FBI or file a complaint on www.ic3.gov, the federal government’s website for filing and sharing information about cybercrime, an FBI official said today.

Will Bales, supervisory special agent for the FBI’s Cyber Division, said any information, whether it’s a Bitcoin wallet address, transaction data, the hashtag of the malware, or any email correspondence, can help advance an FBI ransomware investigation.

“People have to remember that ransomware does not affect just one person or one business,” Bales said. “It will more than likely move on and affect somebody else. And for those who pay the ransom, it only encourages them to extort the next person.”

Bales was part of a panel discussion on ransomware today at the kickoff of the Federal Trade Commission’s Fall Technology Series held at the Constitution Center in Washington, DC.

FTC Chairwoman Edith Ramirez started the afternoon conference by underscoring how the threat of ransomware has increased in the past year.

Ramirez cited Justice Department data that said there have been 4,000 ransomware attacks daily since January 1, 2016 alone – a quadrupling of such attacks in just a year. In addition, PhishMe research found that 93% of phishing emails now contain some variant of ransomware.

“Ransomware attackers can access extremely sensitive personal information such as medical data, financial account numbers, and the contents of private communications, some of which may be sold on the dark web,” Ramirez said. “We are eager to expand our understanding of this growing threat … and for nearly a decade we’ve worked with other agencies and have provided guidance to consumers and businesses on how to best protect their computers and networks.”

The FTC Chairwoman also said the agency will be active in pressing cases against the attackers, pointing out that the agency has made at least 60 enforcement actions around companies not protecting consumer data. She said not protecting against ransomware may violate federal law.

The FBI’s Bales said the government has been making progress on prosecuting ransomware cases, but would give no real specifics other than to say they have been successful in working with other law enforcement agencies around the world in taking down the infrastructure of some of the ransomware criminals.

Bales indicated that there would be more news of success stories in the upcoming months.

Related Content:

 

 

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...