The FBI has warned that ransomware is increasingly targeting business servers and is charging higher fees for larger infections and wealthier targets.
The US agency urged those affected by the malware, which encrypts files and then charges for them to be restored, to report incidents, saying it is currently difficult to estimate the exact scope of the problem.
Officials said the FBI’s official advice is not to pay ransoms, since they encourage further attacks. But it acknowledged companies would “evaluate all options” when their data is at risk.
“Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network,” the FBI said in an advisory.
It warned that malware gangs have begun charging fees based on the number of systems infected and, in some cases, haven’t provided decryption keys after payment or have tried to extort more funds.
“This recent technique of targeting host servers and systems could translate into victims paying more to get their decryption keys, a prolonged recovery time, and the possibility that victims will not obtain full decryption of their files,” the agency stated.
It said organisations and individuals affected often don’t report cases, either because they’ve been resolved internally or out of embarrassment.
“Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases,” the FBI stated.
The agency reiterated that it doesn’t support paying ransoms, but acknowledged that organisations may take that route as a practical course of action.
“Executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers,” the warning said.
Last autumn a senior FBI official told a computer security conference that paying a ransom is often the only way to recover files.
“The ransomware is that good,” Joseph Bonavolonta, the assistant special agent in charge of the FBI’s Cyber and Counterintelligence Programme in its Boston office, reportedly told the Cyber Security Summit 2015 in Boston last October. “To be honest, we often advise people just to pay the ransom.”
His remarks were reported at the time by IT news site Security Ledger.
The FBI’s advisory included advice for businesses on how to prevent ransomware attacks and how to report them.
The US Justice Department has recorded 4,000 ransomware attacks daily since the beginning of this year, quadruple the frequency of attacks over last year, the US Federal Trade Commission said at an FTC conference earlier this month.
Recent research by PhishMe found that 93 percent of phishing emails – which use deceptive tactics to trick users into installing malware – now contain a ransomware variant.
A July study by security researchers found that ransomware gangs now operate sophisticated customer-service operations resembling those of small businesses in order to enhance their revenues.