FBI's Advice on Ransomware? Just Pay The Ransom!

StrongAsFe
The FBI wants companies to know that the Bureau is there for them if they are hacked. But if that hack involves Cryptolocker, Cryptowall or other forms of ransomware, the nation’s top law enforcement agency is warning companies that they may not be able to get their data back without paying a ransom.  

“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office.  “To be honest, we often advise people just to pay the ransom.”

Bonavolonta was addressing a gathering of business and technology leaders at the Cyber Security Summit 2015 on Wednesday at Boston’s Back Bay Events Center. He was referring to ransomware programs like Cryptolocker, Cryptowall, Reveton and other malicious programs that encrypt the contents of a victim’s hard drive, as well as other directories accessible from the infected system. The owner is then asked to pay a ransom – often hundreds of dollars – for the key to unencrypt the data.


FBI Boston’s Joseph Bonavolonta addresses the Cyber Security Summit on October 21st. Bonavolonta said that paying the ransom is often the easiest path out of ransomware infections. (Photo courtesy of FBI.)

Ransomware, in various forms, has been around for more than a decade. But the past three years have seen a steep rise in incidents involving the programs, which often infect users via malicious email attachments or drive-by downloads from compromised websites or malicious web ads (malvertising). That has resulted in an increase in complaints to the FBI, said Bonavolonta. Police departments appear particularly prone to ransomware infections. But the problem has been widely noted. The infections can be difficult to remove, as this article from the Yuma Sun about a Cryptolocker infection in the newsroom notes.

The FBI issued a notice in June, which identified CryptoWall as the most common form of ransomware affecting individuals and businesses in the US. The Bureau said it had received 992 complaints related to CryptoWall between April 2014 and June 2015 with losses totaling $18 million. That message advised victims of ransomware to contact their local FBI field office.

Bonavolonta echoed that advice in his remarks on Wednesday, but also cautioned that the Bureau may not be able to pry encrypted data from the clutches of the ransomware authors, who use ultra secure encryption algorithms to lock up ransomed data.

“The easiest thing may be to just pay the ransom,” said Bonavolonta, who said that efforts by the Bureau and others to defeat the encryption used by the malware did not bear fruit. “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

The success of the ransomware ends up benefitting victims: because so many people pay, the malware authors are less inclined to wring excess profit out of any single victim, keeping ransoms low. And most ransomware scammers are good to their word, Bonavolonta said. “You do get your access back.”

Still, the Boston head of cyber said that organizations that have procedures in place for regularly backing up their data can avoid paying a ransom at all, by simply restoring the infected system to a state prior to the infection. 

And the FBI still wants to hear about ransomware infections, even from firms that pay the criminals off. “Do we want you to call the FBI? Yes,” said Bonavolonta. The FBI has been collecting information on ransomware scams and wants to be able to keep abreast of how the scams are evolving.

 

 

hahaha this is funny

but what kind of a company wouldn't have disconnected backups??

 

source

Link to comment

Ho boy. We had a cryptolocker go out on our IT network and do stuff, but we made backups. We then used a command to search for the "how to get your shit back" text files and ran AV on the computers with those files.

Link to comment
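The triage step described in the post above (find the ransom-note text files, then scan the machines that have them), as an added example that is not part of the original post. The note-name patterns and the one-folder-per-host share layout are assumptions; the earliest note timestamp also gives the point before which a backup should be chosen for a restore.

```python
import fnmatch
import os
from collections import defaultdict
from datetime import datetime, timezone

# Constructed placeholder patterns; take real note names from your AV vendor's advisory.
NOTE_PATTERNS = ["HOW_TO_RECOVER*.txt", "*_DECRYPT_INSTRUCTIONS.*"]


def is_ransom_note(filename, patterns=NOTE_PATTERNS):
    """Case-insensitive match of a bare file name against the note patterns."""
    lower = filename.lower()
    return any(fnmatch.fnmatchcase(lower, p.lower()) for p in patterns)


def triage(root, patterns=NOTE_PATTERNS):
    """Walk `root` (one sub-directory per host share, an assumed layout) and
    return {host: {"notes": [...], "dirs_hit": n, "first_seen": datetime}}."""
    report = defaultdict(lambda: {"notes": [], "dirs_hit": 0, "first_seen": None})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        hits = [f for f in files if is_ransom_note(f, patterns)]
        if not hits:
            continue
        host = os.path.relpath(dirpath, root).split(os.sep)[0]  # top-level folder = host
        entry = report[host]
        entry["dirs_hit"] += 1  # notes are dropped per directory, so this tracks spread
        for name in hits:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:  # file vanished or is unreadable: skip it, keep walking
                continue
            seen = datetime.fromtimestamp(mtime, tz=timezone.utc)
            entry["notes"].append(path)
            if entry["first_seen"] is None or seen < entry["first_seen"]:
                entry["first_seen"] = seen
    return dict(report)


def restore_cutoff(report):
    """Earliest note timestamp across hosts: restore from a backup older than this."""
    times = [e["first_seen"] for e in report.values() if e["first_seen"]]
    return min(times) if times else None


if __name__ == "__main__":
    import sys
    rep = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(restore_cutoff(rep), {h: e["dirs_hit"] for h, e in rep.items()})
```

Hosts that appear in the report are the ones to isolate and scan; hosts with no notes still need a check if they had write access to the same shares.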

Those individuals should not be representing our law enforcement in this regard, as they probably didn't even bother to get counsel from their IT departments who know what the fuck they're talking about

Link to comment

Option 3:

 

Make regular secure backups. 

 

But yeah, to think they advise people to just pay up is kind of ironic. 

Link to comment

Whoa, seriously? The FBI, telling people to roll over and cough up? what a miserable fail. You can just have a small NAS that you back up to every so often. Have it SSD-based so that you can back everything up every 30mins or so. Or just have a PFSense router with AV on it.

Seriously, the LTT forum should be their consulting platform if the FBI is so incompetent that they can't advise people on how to prevent ransomware. "Oh, well, if it happens, just give them money. That's okay... Listen to us, coz we're the good guys"

 

Link to comment

haha, most companies should have regular backups of their files, but I would think that the biggest place to make money would be to hold up an individual's computer since they are less likely to have old backups stored off their computers. There's plenty of people in my family that would most likely pay off the scammer. As for me, I don't really care, if they hack me all they will get is about 3tb of anime xD and a few dozen game data and a bit of school work. So I would be like, yeh nice try... fresh install. Since there's no guarantee that they won't hold your computer up later down the road.

Tsubasa (The 7680x1440 beast): CPU: Intel i7 8086k | Cooler: Fully Custom Rigid Loop MOBO: Asus Z370-I ITX | GPU: Nvidia Titan Xp Star Wars | RAM: 32Gb 2x16gb Gskill Trident Z RGB | SSD: Samsung 1TB 970 Evo Nvme, 2TB Micron Sata SSD | Case: Fractal Design Nano S | PSU: Corsair SF600 With Full custom cables  

Link to comment

Whoa, seriously? The FBI, telling people to roll over and cough up? what a miserable fail. You can just have a small NAS that you back up to every so often. Have it SSD-based so that you can back everything up every 30mins or so. Or just have a PFSense router with AV on it.

Seriously, the LTT forum should be their consulting platform if the FBI is so incompetent that they can't advise people on how to prevent ransomware. "Oh, well, if it happens, just give them money. That's okay...

 

then the hackers infiltrate the NAS and delete all the information on it

 

10/10 security

 

you need disconnected backups

Link to comment

And to think they're supposed to be smart... yay, US government.

As I put on my tin foil hat, I can probably safely assume most people in charge of this country are supreme idiots.

PCPartPicker link: http://pcpartpicker.com/p/R6GTGX

Hello, comrade ))))

Link to comment

As I put on my tin foil hat, I can probably safely assume most people in charge of this country are supreme idiots.

well you're pretty close. in actuality it's more along the lines of them not caring about anyone else but themselves. you hack them and you'll start a war, but hack grandma down the road and no one cares


Link to comment

then the hackers infiltrate the NAS and delete all the information on it

 

10/10 security

 

you need disconnected backups

You're seriously telling me that there's no way to detect unauthorized encryption of files? Sure, disconnect the backups, but really...

Link to comment

As I put on my tin foil hat, I can probably safely assume most people in charge of this country are supreme idiots.

 

 

well you're pretty close. in actuality it's more along the lines of them not caring about anyone else but themselves. you hack them and you'll start a war, but hack grandma down the road and no one cares

these guys are top of the line system admins, you have no right to ridicule them, you know fuck all about security anyway

14 year old bigots

Link to comment

these guys are top of the line system admins, you have no right to ridicule them, you know fuck all about security anyway

14 year old bigots

You have no right to ridicule me and call me a bigot, so fuck right off and remember you're posting your bullshit on a public forum for people to give their opinions about. And before you call someone a 14 year old, learn to type like someone that passed 6th grade English. 


Link to comment

 you have no right to ridicule them, you know fuck all about security

Well first, I wasn't ridiculing them, I was just stating the facts. Hardly ever does the FBI take action over a few incidents, but when something hits them, it hits the news almost immediately.

Second, yea I don't know a lot about security but I do know this, since when are criminals considered trustworthy... would you trust a child molester with your baby because they said they wouldn't do anything, Hell no. And besides even if you did pay the hackers off, there is no reason that they would want to remove all of their program from your computer. You can't tell me that they erase all their data from your computer once they are paid. They can say it's removed but traces will remain and you could be held up again in the future.


Link to comment

The amount of people saying that the FBI's recommendation to pay the ransom is ridiculous... is kind of ridiculous. Depending on the severity of the infection, most businesses can't run without their IT for any significant amount of time. There are plenty of case studies showing that businesses who lose access to their IT end up in receivership depending on what is lost.

 

Imagine Microsoft losing all their payroll information and having their development servers encrypted. You can't afford to have the FBI investigate it for 3 months when you have overheads that will keep costing you regardless of what your staff are doing. Just pay the $1,000,000 ransom and move on. 

Link to comment

You have no right to ridicule me and call me a bigot, so fuck right off and remember you're posting your bullshit on a public forum for people to give their opinions about. And before you call someone a 14 year old, learn to type like someone that passed 6th grade English. 

 

rekt

Link to comment

The amount of people saying that the FBI's recommendation to pay the ransom is ridiculous... is kind of ridiculous. Depending on the severity of the infection, most businesses can't run without their IT for any significant amount of time. There are plenty of case studies showing that businesses who lose access to their IT end up in receivership depending on what is lost.

 

Imagine Microsoft losing all their payroll information and having their development servers encrypted. You can't afford to have the FBI investigate it for 3 months when you have overheads that will keep costing you regardless of what your staff are doing. Just pay the $1,000,000 ransom and move on. 

 

Imagine a world without backups and redundancy, because that's what world you're talking about.

Link to comment

Imagine a world without backups and redundancy, because that's what world you're talking about.

 

I completely agree that what I've said is an extreme example, but the case is that very few people unless you're a large corp or have an understanding of IT regularly back up data. It's a scary thought, but it's true. 

 

People don't back up data until it's too late, or they've had a bad experience with lost data previously. But even then it's like being caught by the cops for speeding, the first 2 months you'll be careful and then slowly revert to your old habits again. 

Link to comment

The amount of not understanding here is mind boggling. They are not saying that this is a prevention strategy, they are saying that this is the only course of action to take AFTER it has already happened. No one said to not make backups, no one said to not use safe computing practices, no one said not to use firewalls and antiviruses. All they said was that they can't help you decrypt your information once you have been hacked, so if you want it back you have to deal with the people who encrypted it.

Link to comment

I completely agree that what I've said is an extreme example, but the case is that very few people unless you're a large corp or have an understanding of IT regularly back up data. It's a scary thought, but it's true. 

 

People don't back up data until it's too late, or they've had a bad experience with lost data previously. But even then it's like being caught by the cops for speeding, the first 2 months you'll be careful and then slowly revert to your old habits again. 

 

Yeah I agree, but at the same time it's still bad advice in my opinion.

 

I hope they at least encouraged techniques on how to prevent such a thing from happening.

Link to comment

well it's obs only one reason why they would say that

 

they are the cause

 

 

 

 

you pay the guy, it won't change anything.

 

 

 

Link to comment

I see ransomware as a challenge.

Link to comment


 

Also, in response to the OP comment "what kind of company wouldn't have disconnected backups?" I can answer that. A company run by morons who don't listen to their IT department.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs

Link to comment

I agree with the FBI here. If you don't have backups and you get infected to this degree you either pay them or leave the files behind. Good luck breaking the types of encryptions they use in a reasonable amount of time and no one government wise is going to help you with that.

 

If you have backups this won't be an issue.

Link to comment