The FBI has issued an alert, warning about possible high-impact ransomware attacks targeting US businesses and organisations. However, the announcement does not specifically state the nature or origin of possible attacks.
"Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector," said the announcement.
After describing the possible techniques criminals use to infect ransomware, the agency said that if at all an attack occurs, the victim should refrain from paying the ransom.
"Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers," the announcement explained.
"Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under US law, and prevent future attacks," it added.
"It’s no wonder cyber-criminals are going after the high-value ransoms with so many tools to help protect their anonymity. However, this is not an excuse as to why these attacks are still occurring. There is plenty of advice available to companies that are targeted to mitigate the malicious software executing on their networks," said Jake Moore, cyber-security specialist at ESET.
The most important defense for any organization against ransomware is a robust system of backups, said the announcement.
"As ransomware techniques and malware continue to evolve and become more sophisticated, even the most robust prevention controls are no guarantee against exploitation. This makes contingency and remediation planning crucial to business recovery and continuity. Those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise," it said.
There is an argument that insurers are leveraging the problem too, as cyber-insurance can cover ransomware in many cases, said ESET’s Moore.
"Legally, a company can ensure its data and put a price on getting it back should it be deemed unreadable or lost. It would be naive to suggest that threat actors are not taking advantage of this possibility that is driving them towards the higher hanging fruit," he said.
Moore noted that staff training is important as targeted phishing attacks are still prevalent. However, the number one rule for companies of all sizes is to back up properly and test the restore process regularly, he added.
"Having a recent backup to restore from could prevent a ransomware attack from crippling your organisation. The time to invest in backups and other cyber defenses is before an attacker strikes, not afterward when it may be too late," said the FBI announcement.