The FBI would like to see victims of ransomware-style cyberattacks come forward more often with information about their experiences, according to a newly released public service announcement.
In an effort to better understand how adversaries are conducting operations, the bureau is urging affected organizations to provide data related to infected systems and records, payments and attackers’ bitcoin wallet addresses.
Though there are hundreds if not thousands of different ransomware variants, generally this species of malware encrypts files on a computer or server to make them inaccessible until a ransom is paid.
The FBI PSA bulletin, published via the Internet Crime Complaint Center, follows recent comments made by FBI Director James Comey, who spoke on the topic during a cybersecurity business conference in Washington, D.C., on Aug. 30.
“All the information, all the evidence we need, sits in private hands in the United States and that is a wonderful thing,” Comey said, speaking at Symantec’s Government Symposium conference.
“We have discovered that the majority of our private partners do not turn to law enforcement when they face an intrusion. And that is a very big problem,” Comey said. “It is fine to turn to one of the many excellent private sector entities that will help with attribution and with remediation — that’s good. But we have to get to a place where it is routine for people who are victimized to turn to us for assistance.”
While the new PSA is far from the first time the bureau has urged the private sector to come forward with threat intelligence, Thursday’s PSA makes a rare, detailed request for specific data from ransomware victims. Notably, every related submission will require the victim to provide a contact name, address, telephone number and email to authorities.
In the past, the FBI has consistently urged businesses to deny payment in a ransomware event and to instead notify the authorities immediately.
“We know your primary concern is getting back to normal when you run any type of enterprise, especially a for-profit business. But we need to figure out who is behind that attack and it is in your interest … you’re kidding yourself if you think that problem is going to go away and not return to re-victimize you,” Comey said at the Symantec conference.
Because breach disclosure laws differ from state to state, secretly paying off hackers to regain access to internal data may be considered a criminal offense, depending on where in the U.S. a business is located. Given this reality, the decision to involve law enforcement in reviewing past incidents may present a challenge: will businesses “trust” the FBI with case information that could lead to a lawsuit?
For now, it appears the FBI is at least aware of that challenge, based on previous statements made by Comey.