The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing number of ransomware attacks affecting private industry. According to the warning, “Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.”
The ransomware attacks are initiated through “large scale or targeted phishing campaigns and exploiting software and Remote Desktop Protocol (RDP) vulnerabilities to get a foothold on their victims’ systems before encrypting their systems.”
The FBI is urging companies not to pay the ransom, and to contact the FBI in the event of an attack so it can use the information, along with information provided by other victims, to track the ransomware attackers, find them and hold them accountable, in order to prevent future attacks.
The FBI also recommends that companies:
- Regularly back up data and verify its integrity
- Focus on awareness and training
- Patch the operating system, software, and firmware on devices
- Enable anti-malware auto-update and perform regular scans
- Implement least privilege for file, directory, and network share permissions
- Disable macro scripts from Office files transmitted via email
- Implement software restriction policies and controls
- Employ best practices for use of RDP
- Implement application whitelisting
- Implement physical and logical separation of networks and data for different org units
- Require user interaction for end-user apps communicating with uncategorized online assets
Ransomware is extremely disruptive to business operations, so preparing for such incidents, including deploying an incident response team and testing incident response plans, is mission critical.