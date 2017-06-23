Victims Aren't Reporting Ransomware Attacks, FBI Report Concludes (bleepingcomputer.com) 28
Catalin Cimpanu, writing for BleepingComputer: Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report (PDF), released yesterday by the FBI's Internet Crime Complaint Center (IC3). During 2016, FBI IC3 officials said they received only 2,673 complaints regarding ransomware incidents, which ranked ransomware as the 22nd most reported cyber-crime in the US, having caused just over $2.4 million in damages (ranked 25th). The numbers are ridiculously small compared to what happens in the real world, where ransomware is one of today's most prevalent cyber-threats, according to multiple reports from cyber-security companies.
We TOLD you encryption was a problem!"
Or they know that government agencies will provide zero help in solving their problem.
Companies don't want outsiders to know that they have incompetent users working for them...
FTFY, since it's no secret who is responsible for infections 99.99% of the time.
Of course they aren't (Score:2)
Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time.
"Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time."
Patently false. The fully appropriate "whata moron" shrug of the LEO eyebrows should be more than enough to dissuade repeat events.
How likely is it that they will catch the people who did it? And if they do, how likely is that to reduce the chances of someone else doing the same thing?
If someone steals your car, you contact the cops because it's possible you'll get your car back. Even if not, it's sort of possible they'll find the car thief, because the city is only so big. But finding who put ransomware on your computer among billions of people all over the world?
Again, there's nothing in it for the victim.
Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time.
Ever consider the possibility that the cybercrime division actually could help by guiding an unknowing victim to available solutions to recover data instead of them blindly assuming all is lost and prematurely formatting hard drives?
Let's not act like ransomware key recovery is some mythical event that's never happened before, or assume that every victim is aware of its existence.
I did consider it for a moment, and then I laughed my ass off.
Ever consider the possibility that the cybercrime division actually could help
No. I was actually involved in a criminal case involving the FBI's cybercrime unit, and I would not even consider the possibility that they could figure out how to turn a computer on. I never met a group of more clueless people. The guy leading the investigation had been a history major in college, and had made no effort whatsoever to learn anything about technology. His subordinates were even dumber.
Why would anyone report to the FBI? (Score:1)
I filed a complaint a few days ago because some asshat tried to be cute with a dick pic of two men who bear a remarkable resembelance to me having sex. The dick pic by itself was nothing. Putting my name and URL was something else.
https://www.ic3.gov/ [ic3.gov]
Is there a reason to bother? (Score:1)
Why bother? (Score:1)
Most companies don't report ransomware attacks to the FBI because most companies consider it a waste of time. Everyone knows that if you get hit by ransomware, there's only three possible outcomes:
1. You consider the encrypted data lost, and move on without it, or roll back to your freshest, unencrypted backup.
2. You pay the ransom and hope to get the data back.
3. You get lucky and the ransomware that hit you is one that's already been broken and you're able to recover the data yourself.
What should I report? (Score:3)
I get on the order of 50,000 attack probes every day. Should I be cataloging and report each one to the FBI?
What makes a ransomware attack a special snowflake attack that needs reporting compared to spyware or bot install attempts?
Goddamit ... (Score:2)
... when we say, "Don't go to the police [variety.com]," we mean it.
Soon after, another email from the Dark Overlord arrived at Larson. “They said they felt they owed us an explanation as to why they had done it,” said Jill Larson. In the email, the hackers argued that Larson Studios had broken the terms of the agreement by talking to the FBI. “So they decided to punish us.”
No shit... (Score:2)
Last I checked, FBI said to just pay the ransom.
Why bother even reporting it.
When dealing with ransomware myself, I do check the FBI for decryption-keys before I start restoring from backups, but reporting?
Soon as I'm on the payroll, Hoover.