Ransomware Guidance Updated by FBI in Response to the Extent of U.S. Ransomware Epidemic

A new report from Emsisoft, a New Zealand-based cybersecurity company, exposed the magnitude of ransomware usage in cyberattacks in America. 2019’s first 9 months had 621 reports of ransomware attacks on government agencies, healthcare companies, and educational bodies.

Ransomware attacks can result in devastating outcomes. A healthcare provider recently announced its permanent closing because of the substantial damage of a ransomware attack on its systems and the irreversible loss of patient records. This healthcare company is the second this year that had to close down because of a ransomware attack.

Even if it is possible to recover files by paying the ransom or accessing backups, ransomware attacks bring about serious disruption and cause extensive losses. When DCH health system experienced a ransomware attack, it was compelled to temporarily close its three hospitals to all patients except the critical ones whilst having systems restoration. Ransomware attacks on municipalities have blocked access to essential services; police units could not access records systems; and schools had to send students home and, in one instance, held off the beginning of the school year.

The attacks have resulted in substantial costs. Lake City in Florida spent $460,000 for the ransom demand and Riviera Beach in Florida spent $600,000 in exchange for the decryption keys. Those high payments were only a percentage of the entire cost of the attacks.

In case the attacked entity decides not to pay the ransom, the costs could be significantly higher. The city of Baltimore refused to pay the ransom demand of $76,000, and had to suffer the mitigation cost of about $18.2 million. Last month, Demant, the Danish hearing aid maker, suffered a suspected ransomware attack and likely spent $80 million to $95 million as a result.

Whenever attacks happen, it might be possible to recover files without the need of paying the ransom. Emsisoft has created workarounds for specific kinds of ransomware attacks. The NoMoreRansom project has free decryptors available for several variants of ransomware. Nonetheless, in most instances attacked entities simply have three options: pay the ransom demand, settle for file loss, or recover files using backups.

Because of the recent attacks, the FBI’s Internet Crime Complaint Center (IC3) updated its guidance on ransomware. The FBI has long held the perspective that it is not advisable to pay a ransom. The attackers might not actually have valid decryption keys or might decide not to give them and demand more ransom after the initial payment.

The encryption process might corrupt the data making it impossible to retrieve some or the entire encrypted data. The FBI additionally says that paying ransoms makes the criminals bolder in targeting other businesses because of the appealing and profitable enterprise.

Having said that, in the newest ransomware guidance, the FBI seems to have somewhat softened its position on paying ransoms, stating that in certain cases, the best solution is probably to pay the ransom demand.

The recent attacks have obviously proven is that it is important to be sure all critical data have valid backups to give attacked entities’ alternate options. It is not helpful to create backups and store them on networked systems since those backups can be encrypted also. Create several backup copies and store at least one backup copy on a device that is not connected to the internet or any network. It is additionally important to check backups to ensure files are retrievable in case of disaster. When backups are damaged, the only option left is to pay the ransom.

About Christine Garcia 1303 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA