FBI Asks Ransomware Victims to Report Infections

ic3The rare Tuesday post.  I got an announcement from the FBI on Friday that I thought was important enough to share that I am squeezing into to my regular publishing schedule on what is typically an off-day. Anyway, now is your chance to stick it to the criminals who have been distributing Locky, CryptoWall, CryptoLocker and other ransomware exploits.  If you or your business has been victimized by one of these scams, the FBI wants to hear from you.  It is my assumption that they are building an international case against the purveyors of these scams.  They need your help to build that case.

You and I hear all the time about the terrible cyber crimes that are happening, and sometimes fall victim to one of them.  It is rare to hear about prosecutions, judgments against, and the incarceration of these cyber-criminals.  But it is happening.  Last week at the (ISC)2 Security Conference, I heard a terrific story from a former New York City ADA John Bandler about one such take down, that took 2 years to investigate and 3 months to prosecute.  We are working on a post or series of posts about that case, so stay tuned.

Here is part of the statement from the FBI.  If you have fallen prey to these scammers, you ought to link through to their post, read it, and follow the instructions.

“The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):

  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement”



About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.