On Wednesday the FBI published a public service announcement warning that high-impact ransomware attacks are threatening U.S. businesses and organizations. The PSA covers the basics of what ransomware is and how it infects its victims.
Of note, but not surprise, is the FBI’s advice to victims of ransomware attacks not to pay. The PSA reads, “The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data,”The document adds that “Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals.”
This idea that people paying ransoms emboldens attackers is something we have seen over time, in real time. In June several local governments in Florida paid the ransom demand, and by August 22 local governments in Texas were hit with a crippling coordinated ransomware attack.
The FBI did have a slightly understanding tone to businesses that will end up paying ransoms saying, “The FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,”
Pay or not, the FBI aks all victims of ransomware to report the incidents to law enforcement. “Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks,” the PSA notes.
The FBI’s PSA comes at a time when we are seeing no shortage of devastation from attacks. This week some Alabama hospitals were forced close to all but the most critical patients after a ransomware took the computers down, and days earlier it was a similar story for number of Australian hospitals. We’ve also seen ransomware attacks hit hundreds of dentists, plus the Texas towns I name above, schools in Louisiana and no one knows how many individuals.