FBI’s Advice to Ransomware Victims: Don’t Pay


In a new post warning about the relentless waves of ransomware attacks targeting businesses and individuals, the Federal Bureau of Investigation (FBI) has advised victims not to pay ransomware attackers.

The FBI has urged organizations to not give in to temptation and pay their extortionists in a bid to recover their data. Instead, the Bureau urged companies and organizations to stay vigilant while operating browsers and operating systems.

A common suggestion by the Bureau is that companies back up frequently. The Bureau also advises companies lock down access granted to individuals as well as urging admins to effectively manage configuration of directories, file systems and network shares.

Also, the FBI does not want companies paying a ransom in response to a ransomware attack.

FBI Cyber Division Assistant Director James Trainor stated:

Paying a ransom doesn’t guarantee an organization that it will get its data back – we’ve seen cases where organizations never got a decryption key after having paid the ransom.

He opined that a ransom paid only serves to embolden cybercriminals to target more organizations. Additionally, the chance of a lucrative payday even encourages cybercriminals to get involved in such illegal activities.

The FBI recommends two main areas of focus for organizations to steer clear of suchthreats. They are:

  • Prevention efforts – both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan to ensure that operations continue without a hitch, in the event of a ransomware attack.

Trainor added:

There is no one method or tool that will completely protect you or your organization from a ransomware attack. But, contingency and remediation planning is crucial to business recovery and continuity – and these plans should be tested regularly.

Although ransomware attacks have been around for a few years, 2015 saw a marked increase in such cyberattacks. The increase was notable in organizations chosen as targets since the payoffs are higher than those obtained from everyday individuals. Ransomware attacks in 2016 aren’t showing any signs of stopping either, with malware authors and attackers employing new and sophisticated means to strike at their targets.

Image credit: Wikimedia.