The FBI is urging victims of ransomware to report any incidents of infection so it can get a better idea of the scale of the problem facing the authorities.
The Feds claimed in a public service announcement late last week that some recent victims have not received the promised decryption keys after paying up, but instead have been extorted for more money.
It pleaded:
“While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.
Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment.”
Other firms which resolve the issue by paying up or restoring their files from a recent back-up might also not feel the need to report, the FBI claimed.
The agency ideally wants a detailed breakdown of infection attempts, including the variant, the attack vector, the Bitcoin wallet address, ransom amount and estimated overall losses as a result of the attack.
It warned that recent attacks have started to target vulnerable business servers, in a bid to multiply the number of potential infected devices.
Victims are often charged in this case based on the number of servers infected, the announcement continued.
Best practice advice continues to include things like regular back-ups, up-to-date AV, disabling macros, prompt patching and caution when opening unsolicited emails.
Jadee Hanson, director of information security at back-up firm Code42, claimed a quarter of the firm’s customers have used its software to recover from ransomware.
“Ransomware is big business and new, better variants are being created faster than the industry is creating solutions,” she said.
“The only viable way to survive ransomware is effective endpoint data backup so that you simply revert to a restore point before the attack that encompasses all data regardless of where it resides. Once you’re hit, it’s too late."
A recent survey from Trend Micro claimed nearly half (44%) of UK businesses have been infected with ransomware over the past 24 months, but one in five who paid didn’t get their data back.