PINDROP BLOG

FBI Renews Warning on Ransomware Threat

The FBI has issued a fresh warning about the ransomware epidemic, even as the volume and sophistication of the attacks continue to rise.

The latest major incident occurred last week when a power utility in Michigan was hit by a ransomware attack on its corporate network. The attack began, as many do, with a phishing message that an employee opened, eventually allowing the ransomware to infiltrate the network. The Lansing Board of Water and Light discovered the attack on April 25 and is still dealing with the effects of it.

“We immediately instated a self-imposed lockdown to all of our corporate networks to protect the system while developing a solution,” the utility said in a statement on Twitter.

“We are working with local, state and federal law enforcement authorities. No utility functionality has been lost during the attack.”

The Lansing BWL said that no customer information had been compromised during the attack, but it still caused a disruption to the utility’s normal operations. And that’s the goal of ransomware attacks: to wreak havoc on a victim’s network long enough to goad the victim into paying the ransom. But the FBI, which has been warning consumers and businesses about the threat of ransomware for more than a year now, does not encourage victims to pay the ransom in these cases, even though that’s often the quickest way to recover data.

“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals,” said FBI Cyber Division Assistant Director James Trainor.

Ransomware attacks have been growing in both complexity and sophistication over the last few months, as attackers have moved away from mainly phishing-based campaigns to more Web-based ones. Phishing, while still effective, is more easily defended against and well understood by most potential victims. So now attackers are turning to the drive-by download technique, which has been used to spread normal malware for a long time.

“These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers,” Trainor said.

Lansing BWL said that it has brought in incident response teams to help recover from the attack. The utility is not the only high-profile victim to be hit by ransomware recently. In February, a hospital in California discovered a ransomware infection on its network, and wound up paying the ransom in order to get the network back up and running.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” a statement from Allen Stefanek, president and CEO of Hollywood Presbyterian Medical Center, said.