FBI Warns of Sharp Increase in Ransomware Attacks in Certain Sectors

Robinson+Cole Data Privacy + Security Insider

The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing number of ransomware attacks affecting private industry. According to the warning, “Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.”

The ransomware attacks are initiated through “large scale or targeted phishing campaigns and exploiting software and Remote Desktop Protocol (RDP) vulnerabilities to get a foothold on their victims’ systems before encrypting their systems.”

The FBI is urging companies not to pay the ransom, and to contact the FBI in the event of an attack so it can use the information, along with information provided by other victims, to track the ransomware attackers, find them and hold them accountable, in order to prevent future attacks.

The FBI also recommends that companies:

  • Regularly back up data and verify its integrity
  • Focus on awareness and training
  • Patch the operating system, software, and firmware on devices
  • Enable anti-malware auto-update and perform regular scans
  • Implement least privilege for file, directory, and network share permissions
  • Disable macro scripts from Office files transmitted via email
  • Implement software restriction policies and controls
  • Employ best practices for use of RDP
  • Implement application whitelisting
  • Implement physical and logical separation of networks and data for different org units
  • Require user interaction for end-user apps communicating with uncategorized online assets

Ransomware is extremely disruptive to business operations, so preparing for such incidents is mission critical, including deploying an incident response team and testing incident response plans.
