October 04, 2019
FBI Issues Ransomware Alert and Advice for Businesses
The FBI has issued a ransomware announcement for high-impact attacks and their threat on businesses. The FBI’s Internet Crime Complaint Center (IC3) outlined more guidelines and advice on what businesses should do in the event of a ransomware infection. The IC3 Initially issued a warning in September 2016 and is again reminding businesses on how to avoid ransomware and what they should in the case of an infection.
“The most important defense for any organization against ransomware is a robust system of backups. Having a recent backup to restore from could prevent a ransomware attack from crippling your organization. The time to invest in backups and other cyber defenses is before an attacker strikes, not afterward when it may be too late.”
In addition to some best practices, the FBI is also urging businesses to avoid paying the ransom demand and report the attack to further help them collect evidence and help combat the cybersecurity threat.
“The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data.”
As we found in our State of the Channel Ransomware Report, the majority of attacks are not reported to authorities making it harder to determine the full scope of ransomware's impact on businesses.
The FBI has included some cyber-defense best practices:
- Regularly back up data and verify its integrity. Ensure backups are not connected to the computers and networks they are backing up. For example, physically store them offline. Backups are critical in ransomware; if you are infected, backups may be the best way to recover your critical data.
- Focus on awareness and training. Since end-users are targeted, employees should be made aware of the threat of ransomware and how it is delivered and trained on information security principles and techniques.
- Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
- Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
In the event of a ransomware infection, it’s imperative to isolate the affected machines as quickly as possible to prevent further spreading. If the FBI’s advice sounds familiar, you’ve likely heard very similar advice from Datto regarding ransomware defense best practices. You can check out our best practices for a secure BCDR appliance. In addition, Datto Partners can read more best practices for SIRIS, ALTO, and NAS.