Ransomware has become a significant threat to U.S. businesses and individuals. In 2014, over 1,800 complaints were filed regarding ransomware, resulting in a loss of more than $23 million. In 2015, that number grew to more than 2,400 complaints with a reported loss of more than $24 million.
Perpetrators use ransomware to encrypt a user’s important files and documents, making them unreadable, until a ransom is paid. Ransomware victims are not only at risk of losing their files but may also experience financial loss due to paying the ransom, loss of productivity, IT services, legal fees, network countermeasures, and/or the purchase of credit monitoring services for employees or customers if their information was referenced in the encrypted files. Everyone is at risk from this threat; there is no indication at this time that any particular sector or type of business or individual is specifically targeted.
Prevention is the most effective defense against ransomware, and it is critical to take precautionary measures for protection. These measures include, but are not limited to, the following:
- Implement a robust data back-up and recovery plan. Maintain copies of your files, particularly sensitive or proprietary data, in a separate secure location. Back-up copies of sensitive data should not be readily accessible from local networks.
- Never open attachments included in unsolicited e-mails. Be very vigilant about links contained in e-mails, even if the link appears to be from someone you know.
- Keep your anti-virus software up to date.
- Enable automated patches for your operating system and web browser.
- Only download software, especially free software, from sites you know and trust.
While the FBI recognizes that ransomware victims may feel they have few viable options if they do not have a data backup or if they cannot sustain a release of confidential or proprietary information, the FBI does not condone payment of ransoms. Payment of extortion monies may encourage continued criminal activity and lead to other victimizations, and the funds may be used by criminals to facilitate other serious crimes. In addition, in some cases, even if payment is made, the decryption key provided by the perpetrator to unlock files may not work due to the system configuration issues.