In early October of 2019, the Department of Justice issued FBI ransomware guidance. The FBI ransomware guidance is a public service announcement that contains updated information about the ransomware threat. This FBI ransomware guidance updates, and is a companion to, Ransomware PSA I-091516-PSA posted on www.ic3.gov in 2016.
What is Included in Latest FBI Ransomware Guidance?
The FBI Ransomware guidance begins with the definition of ransomware. Ransomware is a form of malware that encrypts files on a victim’s computer or server, making them unusable. Cybercriminals demand a ransom in exchange for providing a key to decrypt the victim’s files.
The guidance further notes that ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. According to the guidance, since early 2018, the number of broad, indiscriminate ransomware “campaigns” has gone down. However, the financial losses sustained from ransomware attacks have gone up significantly, according to complaints received by the Internet Crime Complaint Center (IC3) and FBI case information.
How Does Ransomware Work?
As noted in the guidance, the FBI has observed cybercriminals using the following techniques to infect victims with ransomware:
- Email Phishing Campaigns: In a phishing campaign, the cybercriminal sends an email containing a malicious file or link, which deploys malware when clicked by a recipient. While cybercriminals previously used generic spamming strategies to deploy the malware, recent ransomware attacks have been more targeted. A specific type of malware known as precursor malware compromises a victim’s email account, allowing the cyberattacker to use that account to further expand the infection.
- Remote Desktop Protocol Vulnerabilities: RDP is a proprietary network protocol that allows individuals to control the resources and data of a computer over the Internet. Cybercriminals have used “brute force” methods to gain unauthorized RDP access. A “brute force” attack consists of repeatedly trying different password combinations until one succeeds in breaking into a website. Cyberattackers also use credentials purchased on darknet marketplaces to gain unauthorized RDP access to victim systems. Once RDP access is obtained, the cybercriminal can deploy a range of malware – including ransomware – on the target systems.
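The RDP brute-force pattern described above shows up in Windows Security logs as bursts of failed logons (Event ID 4625) with LogonType 10 (RemoteInteractive) from one source address. The following is an added detection example, not part of the FBI guidance or this post; it assumes a simplified one-line-per-event log format and uses constructed sample lines rather than real Windows event XML.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one line per Windows Security event 4625 (failed logon).
# LogonType 10 = RemoteInteractive, i.e. an RDP session attempt. Format is simplified.
SAMPLE_LOG = """\
2019-10-02T08:00:01 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2019-10-02T08:00:03 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2019-10-02T08:00:05 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2019-10-02T08:00:06 EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.7
2019-10-02T08:00:09 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2019-10-02T08:00:12 EventID=4625 LogonType=10 TargetUser=guest SourceIP=203.0.113.7
2019-10-02T08:01:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.20
2019-10-02T09:30:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.20
2019-10-02T08:00:02 EventID=4625 LogonType=3 TargetUser=svc SourceIP=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+) EventID=(\d+) LogonType=(\d+) TargetUser=(\S+) SourceIP=(\S+)$")

def parse(log_text):
    """Yield (timestamp, event_id, logon_type, user, src_ip) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, eid, ltype, user, ip = m.groups()
            yield datetime.fromisoformat(ts), int(eid), int(ltype), user, ip

def detect_rdp_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failed RDP logons inside any sliding window.
    Returns {src_ip: set of usernames tried} for each flagged source."""
    events = sorted(parse(log_text), key=lambda e: e[0])  # process in time order
    recent = defaultdict(deque)          # src_ip -> deque of (timestamp, user) in window
    flagged = {}
    for ts, eid, ltype, user, ip in events:
        if eid != 4625 or ltype != 10:   # only failed RemoteInteractive (RDP) logons
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:   # evict failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ip, set()).update(u for _, u in q)
    return flagged

if __name__ == "__main__":
    for ip, users in detect_rdp_brute_force(SAMPLE_LOG).items():
        print(f"possible RDP brute force from {ip}: {sorted(users)}")
```

Two slow failures from the second address 90 minutes apart fall outside the window and are not flagged, while the non-RDP LogonType 3 failure is ignored entirely; tune `threshold` and `window` to the environment's normal failed-logon rate.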
To read more… FBI Ransomware Guidance Issued.