FBI urges organisations not to pay ransomware demands

Paying a ransom encourages criminals to target more people, FBI warns

The USA's Federal Bureau of Investigation (FBI) has issued a public service announcement advising organisations on how they should handle ransom demands.

The FBI's Internet Crime Complaint Centre has urged all organisations and individuals that are infected by a ransomware not to pay any money to hackers in exchange of a decryption key. Instead, they should report the incident to FBI officials as earliest as possible.

According to the agency, paying a ransom encourages criminals to target more people and demand money from them.

"In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key," the agency warns.

In instances, where a victim decides to pay the ransom to hackers, they must report the incident to law enforcement agencies, as that would help investigators to track the attackers, hold them accountable under American laws and prevent future attacks.

According to the FBI, implementing a robust system of backups is the most important defence against a ransomware attack. Regular data backups could prevent a ransomware attack from crippling critical operations or services.

Ransomware attacks have become more sophisticated, targeted and costly in recent years, even as the overall frequency of such attacks remains largely consistent, the agency said.

Hacking groups are constantly upgrading and changing their tactics to make their attacks more effective. These groups gain an entry into target systems through email phishing or by exploiting a remote desktop protocol or software vulnerability. After gaining a foothold on the target system, they encrypt the user data and then demand a ransom in exchange of a decryption key.

The FBI's latest advisory comes at time when several hospitals and health care centres in the US and Australia have said they were forced to shut down their IT systems after being hit by ransomware attacks.

Alabama-based DCH Health System on Wednesday stopped admitting new patients, except critical patients. All three of the organisation's medical centres are currently working to restore their affected systems.

Several hospitals in Victoria, Australia have also cancelled elective surgeries and outpatient appointments after they were targeted by hackers with a ransomware. Most of the affected hospitals have reverted to manual systems to access patient histories, scans, and other records.