FBI Releases Guidance on Protecting Against Ransomware Attacks
May 16, 2016 02:31 PM
The Federal Bureau of Investigation (FBI) has released guidance for organizations and their employees to protect against a “ransomware” attack, in which criminals encrypt or block access to important files and demand a ransom to release them.
Such attacks are not only proliferating, the FBI said, but becoming more sophisticated. “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers,” said FBI Cyber Division Assistant Director James Trainor.
The FBI does not support paying a ransom to release the files. “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals,” Trainor said.
Following are some of the recommendations provided by the FBI:
Tips for Dealing with the Ransomware Threat
While the below tips are primarily aimed at organizations and their employees, some are also applicable to individual users.
Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories.
Disable macro scripts from office files transmitted over e-mail.
Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Business Continuity Efforts
Back up data regularly and verify the integrity of those backups regularly.
Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
The guidance is available here.
In addition, the Department of Health and Human Services has announced a new task force to develop guidance specific to the health care industry. Stay tuned to NAHC Report for further coverage of these efforts.