Threat Management

FBI asks ransomware victims to come forward

The Federal Bureau of Investigation (FBI) is continuing its effort to obtain support from businesses and private entities in its fight against ransomware by issuing a plea for victims to promptly and completely report any such incidents.

In a document the FBI noted that it has had trouble fully understanding the depth of the ransomware crisis due to victim's reticence in coming forward. The law enforcement agency did understand why people were unwilling to come forward such as, privacy concerns, the belief the loss does not warrant the FBI's attention or perhaps damaging their businesses reputation, but without a better understanding of the scope of the problem the agency will be unable to determine who is conducting the attacks.

“Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims,” the FBI said.

Jadee Hanson, Code42's director information security, called the plea a rarity and an indication of how much of a threat these attacks present.

"The latest FBI's recent plea for ransomware victims to report incidents is almost unprecedented, and shows how serious ransomware is becoming in the enterprise market," Hanson told SCMagazine.com in an emailed statement, adding, "The security industry appreciates the FBI's request for more information on ransomware attacks. But the ask is akin to reporting a car break in - there is little chance of recovering what's been lost."

The information the FBI is seeking from victims is:

  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor's Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement
Updated includes Hanson's comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.