Government Security

Victims Aren't Reporting Ransomware Attacks, FBI Report Concludes (bleepingcomputer.com) 87

Catalin Cimpanu, writing for BleepingComputer: Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report (PDF), released yesterday by the FBI's Internet Crime Complaint Center (IC3). During 2016, FBI IC3 officials said they received only 2,673 complaints regarding ransomware incidents, which ranked ransomware as the 22nd most reported cyber-crime in the US, having caused just over $2.4 million in damages (ranked 25th). The numbers are ridiculously small compared to what happens in the real world, where ransomware is one of today's most prevalent cyber-threats, according to multiple reports from cyber-security companies.
  • by Anonymous Coward

    Companies don't want outsiders to know that they have incompetent IT folk working for them. Or... they don't want people to know that they can't afford (or have chosen not) to upgrade their equipment and software. Or... they don't want people to know that management is incompetent.

    • by Thud457 ( 234763 )
      "SEE?!
      We TOLD you encryption was a problem!"
      • by Anonymous Coward

        If you bought Bitcoin at $0.10 per BTC, you'd look at a "Please pay us $300 in Bitcoins" and laugh as you proceed to give them what cost you less than 1 cent years ago.

        I think the real lesson here is: buy Bitcoin now, laugh at everyone in a few years.

        • $300 is $300 not $0.10

          It is immaterial what they cost originally. It is pretty evident you have no understanding of wealth and money. Most rich people became rich and / or stay rich because they don't look at it the way you claim you do.
    • Re:Big surprise: (Score:5, Insightful)

      by ShanghaiBill ( 739463 ) on Friday June 23, 2017 @02:47PM (#54677599)

      Or they know that government agencies will provide zero help in solving their problem.

      • by Anonymous Coward

        In my experience, less than zero: they will be an active hindrance.

        Which would you rather do, just restore from backup, install whatever patches you missed, and send everyone to training, or lock down all your computers until the FBI can get around to copying them for evidence in a few weeks?

        The FBI's problem is that everyone knows that getting them involved not only wouldn't help, it would make things worse.

      • That's exactly it. Whoever you report it to goes "o well, it's from another country. Can't do anything about it". So why report it, suck it up and then install Linux.
    • Companies don't want outsiders to know that they have incompetent users working for them...

      FTFY, since it's no secret who is responsible for infections 99.99% of the time.

    • by Anonymous Coward

      In particular, they don't want outsiders to know they're so incompetent they don't even have backups.

      Seriously, you don't need good security to thwart ransomware. Just restore from backup! Plain old backup that has been around long before we connected stuff to the internet. Back then, it protected us from disk & server failures. And knuckleheads with too much privilege deleting files.

      Good security is to secure uptime & thwart spies. That is an arms race. Foiling ransomware is too easy.

    • and they know there is fuck-all that the FBI can do about it.

      The FBI won't be able to decrypt the computers and will want them for evidence, making it more time consuming and expensive to get back to work.

      It's like walking around a corner and being sucker-punched by someone, and while you are on the ground, you see a cop out of the corner of your eye, you call out "Can you give me a hand up.", and the cop steps on your hand and replies "Not yet, I'm busy collecting evidence."

  • by Alan Shutko ( 5101 ) on Friday June 23, 2017 @02:27PM (#54677445) Homepage

    Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time.

    • by bodog ( 231448 )

      "Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time."

      Patently false. The fully appropriate "whata moron" shrug of the LEO eyebrows should be more than enough to dissuade repeat events.

    • by tattood ( 855883 )
      It's not law enforcement's job to help you recover your data. Their job is to arrest the people who did it, which is equally, if not more, difficult to do.
      • by Alan Shutko ( 5101 ) on Friday June 23, 2017 @02:36PM (#54677525) Homepage

        How likely is it that they will catch the people who did it? And if they do, how likely is that to reduce the chances of someone else doing the same thing?

        If someone steals your car, you contact the cops because it's possible you'll get your car back. Even if not, it's sort of possible they'll find the car thief, because the city is only so big. But finding who put ransomware on your computer among billions of people all over the world?

        Again, there's nothing in it for the victim.

        • by Holi ( 250190 )
          It's more that for you to make an insurance claim you must have a police report. You're most likely not getting the car back unless it was just some joyriders.
    • Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time.

      Ever consider the possibility that the cybercrime division actually could help by guiding an unknowing victim to available solutions to recover data instead of them blindly assuming all is lost and prematurely formatting hard drives?

      Let's not act like ransomware key recovery is some mythical event that's never happened before, or assume that every victim is aware of its existence.

      • by Anonymous Coward

        I did consider it for a moment, and then I laughed my ass off.

      • by ShanghaiBill ( 739463 ) on Friday June 23, 2017 @02:59PM (#54677681)

        Ever consider the possibility that the cybercrime division actually could help

        No. I was actually involved in a criminal case involving the FBI's cybercrime unit, and I would not even consider the possibility that they could figure out how to turn a computer on. I never met a group of more clueless people. The guy leading the investigation had been a history major in college, and had made no effort whatsoever to learn anything about technology. His subordinates were even dumber.

        Disclaimer: I was not the target of the investigation. The FBI contacted me because I had previously won a civil suit against the perp, and knew a lot about his business practices.

        • Worth remembering when the FBI announces that North Korea (or anyone else) hacked someone.
        • by Anonymous Coward

          Field agents for most places are like that. The actual technical people aren't called in unless absolutely necessary. A non-profit group I'm involved with was a victim of cybercrime where they managed to spearphish an officer to wire money to someone 1000 miles away. The recipient then used the information from the wire transfer to social engineer the bank and empty the account. Half a million gone in less than a day. It literally took them months to get the necessary warrants on the recipient's account

    • My employer contacted the FBI for a security incident in 2009-ish. We were told that they don't consider matters with damages less than $10,000. Is that still the case?

    • 99% of the time, it's outside their jurisdiction anyway. How many domestic ransomware attacks have there been compared to China/Russia/Ukraine?

    • by skids ( 119237 )

      Seriously if you reported every con phone call, phishing attempt, ebay check cashing scam, malware site, or fraudulent snail mail how much of a time suck would that be? We're drowning in criminal activity these days... no surprise people just blow it off. (And now the role-model-in-chief is a fraudster so it's just going to get worse.)

      I only report the ones that piss me off when I'm in a bad mood. (Actually I have a good coincidental record of seeing the government take the rare action right after I file

  • It's not like they are particularly trusted or trustworthy. And I've never even heard of the "Internet Crime Complaint Center" and that likely goes for most people. The average person would only contact the FBI if they expected that the FBI would have some chance of doing something about the bad guys, and I just don't see that happening.
    • I filed a complaint a few days ago because some asshat tried to be cute with a dick pic of two men who bear a remarkable resemblance to me having sex. The dick pic by itself was nothing. Putting my name and URL was something else.

      https://www.ic3.gov/ [ic3.gov]

      • Unless you paid money for a copy of the pics, you reported it to the wrong place. At best this is a civil issue, not criminal.

        • Unless you paid money for a copy of the pics, you reported it to the wrong place. At best this is a civil issue, not criminal.

          This isn't just about the dick pic. It's three months of harassment on Slashdot that resulted in five user accounts being deleted and over two dozen DMCA takedown notices to remove my photo from image websites around the world.

          • None of that is their jurisdiction either.

            • None of that is their jurisdiction either.

              Harassment across state lines, Russian websites, foreign nationals. The only thing lacking is someone named Trump.

    • It's not like they are particularly trusted or trustworthy. And I've never even heard of the "Internet Crime Complaint Center" and that likely goes for most people. The average person would only contact the FBI if they expected that the FBI would have some chance of doing something about the bad guys, and I just don't see that happening.

      Yep. I ran into a bit of scamware that would of used flash against me if not for many things (NX not enabled, Not being a 64bit system, and on).
      Searching the number to of been called one finds many who complied with the scam top the list while scammers themselves follow. Google 1-844-667-1499 some reported it some didn't from their post and even then it was to the FTC or FCC.

      • And no I myself didn't report it, submitted it to /. who didn't deem it worthy... Trax3001bbs hands in pocket, looks at ground and slowly kicks at the dirt.

        • Maybe they have editorial standards? Of !== have, which you did twice in your parent post.

          Wait, no... They don't have standards. It is obviously personal, and they don't like you.

          • Maybe they have editorial standards? Of !== have, which you did twice in your parent post.

            Don't get me wrong it was a badly written piece and not complete, better off being posted to my journal.

  • It's kind of futile to report them, isn't it? The US doesn't have any meaningful ability to deal with attackers in Nigeria, much less China or Russia. Or am I wrong? I'd be happy to tell my customers they have some recourse.
  • by Anonymous Coward

    Most companies don't report ransomware attacks to the FBI because most companies consider it a waste of time. Everyone knows that if you get hit by ransomware, there's only three possible outcomes:

    1. You consider the encrypted data lost, and move on without it, or roll back to your freshest, unencrypted backup.
    2. You pay the ransom and hope to get the data back.
    3. You get lucky and the ransomware that hit you is one that's already been broken and you're able to recover the data yourself.

    There's nothing the

  • by TechyImmigrant ( 175943 ) on Friday June 23, 2017 @02:47PM (#54677595) Homepage Journal

    I get on the order of 50,000 attack probes every day. Should I be cataloging and reporting each one to the FBI?

    What makes a ransomware attack a special snowflake attack that needs reporting compared to spyware or bot install attempts?

  • ... when we say, "Don't go to the police [variety.com]," we mean it.

    Soon after, another email from the Dark Overlord arrived at Larson. “They said they felt they owed us an explanation as to why they had done it,” said Jill Larson. In the email, the hackers argued that Larson Studios had broken the terms of the agreement by talking to the FBI. “So they decided to punish us.”

  • Last I checked, FBI said to just pay the ransom.

    Why bother even reporting it.

    When dealing with ransomware myself, I do check the FBI for decryption-keys before I start restoring from backups, but reporting?

    Soon as I'm on the payroll, Hoover.

  • by moeinvt ( 851793 ) on Friday June 23, 2017 @04:02PM (#54678045)

    If you file a report, is the FBI under any obligation to keep it confidential? I wouldn't trust them to stay quiet even if that was their official policy. Those guys who leaked the "Orange is the New Black" episodes somehow learned that the studio had called the FBI, after being warned not to, and punished them for doing it, even though they paid the ransom.

    I read one paper by a security expert and he said that big banks in Europe and N. America have been doing this for years. Eat the losses from computer crime as a cost of doing business rather than risk damage to their reputation by reporting that someone had broken into their customer's accounts.

    I'm sure a lot of other companies would rather pay up than endure the bad publicity which would come from word getting out that "Company X was hacked".

  • by medv4380 ( 1604309 ) on Friday June 23, 2017 @04:49PM (#54678303)
    Ransom laws get sticky, so why should I report when paying them may or may not be illegal? If I report and it happens that paying the ransom is illegal, then the ransom can't be paid and the FBI is slowing down recovery. If I pay the ransom to fix the problem but then report it, I might get in trouble, so why bother? On the other hand, if I just restore the backups I've also destroyed the evidence, so why would I report the problem?
    • That's about like the oil companies arguing that they had to pay bribes to Nigerian officials because that was the only way to get things done. Now, the authorities are catching up with them, and the companies are paying a big price. Refusing to report ransomware to authorities because of fear of getting busted for paying ransoms...is short-sighted.

      • Perhaps, but I just restore from the tape backup, and nuke and pave the infected machines that aren't. Lost work? Let this be a lesson why you don't save to your desktop. No need to contact the FBI, and no money trail to lead back to me. Still is destruction of evidence and failure to report a crime. Who cares.
  • What would be the point?
