Whether we like it or not, the threat of ransomware isn’t likely to go away anytime soon. Many criminals throughout the world have learned that they can make a fairly easy payday with this kind of malware, and it doesn’t even require that much expertise. Thankfully, there are ways to prevent or mitigate this threat, but there is always a chance that it could happen nonetheless. Just in case you ever find yourself in this situation, here are some general guidelines about how to report ransomware.
Always Report Ransomware
The first thing you might ask yourself is: “Should I report this attack?” If the attack didn’t succeed, or if it was easily countered, some people might feel that there is no need to make a report. However, this kind of thinking is in error. Even if the attack didn’t work, the hackers may not give up on their efforts. Besides, every report gives the authorities valuable information that can help them to catch these criminals.
In some cases, the authorities might even be able to help you decrypt your data. If the attack was done using an older ransomware variant, the authorities might have already deciphered its decryption keys. If that is the case, you can recover from an attack much more easily. Some of these decryption keys/tools can be found here.
Who Should You Contact?
The answer to this question will vary a little bit depending on your location. However, if you are anywhere within the United States, your first call should be the FBI. These kinds of crimes are often international in nature, so the FBI will usually have jurisdiction. You can also contact the USSS (Secret Service), as they also sometimes handle this kind of thing.
You can also contact the FTC (Federal Trade Commission) and file a report. This method is very easy because you don’t have to deal with law enforcement directly. The FTC fraud office can tell you exactly what you need to do next and how you need to proceed.
Finally, it is a good idea to contact the providers of any software that you use. Software companies are always looking for opportunities to find and patch existing vulnerabilities. The sooner such an exploit is reported to them, the sooner they can fix it and issue a patch for all users.
Above all, do not pay the ransom. We repeat, DO NOT pay that ransom in part or in full. There is no guarantee that the criminals will keep their word and give you that password. There is also no guarantee that they won’t retain sensitive information for later use. Basically, we’re just telling you not to trust criminals and thieves, which should be a matter of common sense.
What Information Do You Need?
Before you report a ransomware attack, there are certain key pieces of information that you will need. It isn’t enough to just call up the authorities and say “uh, hey…I got hacked. Can you help me?” They are going to require specific information from you, and it’s important to have that information on hand. Otherwise, you will just have to call back later, because they cannot proceed with an investigation until you have given them some preliminary info. This information should include:
- The exact date of the infection incident
- The exact time of the incident (if possible)
- The type of ransomware used (this is usually on the ransom note)
- Basic information about your company
- The attack vector (meaning the method by which the infection occurred)
- The amount of the ransom payment and/or a screenshot of the ransom note
- Overall losses resulting from the attack
- Any network data that you may have collected, including IP addresses and MAC addresses
- The file extension of the files that were encrypted
- Any and all contact info provided by the hacker
- Any other information that you deem relevant to the incident
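Several items on this list (the encrypted file extension, the date and time, the ransom note) can be gathered from the affected file system without changing it. The Python below is an added example, not part of the original article or any agency's tooling; the note-name hints, the "last suffix of a double-suffixed name" heuristic, and the use of file modification times to approximate the incident time are all assumptions.

```python
import hashlib
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

NOTE_HINTS = ("readme", "decrypt", "recover", "restore")  # assumed note-name hints
NOTE_TYPES = (".txt", ".html", ".hta")                    # assumed note file types

def iso(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

def summarize(root):
    """Read-only walk of root; returns facts to copy into the report."""
    appended, notes, files = Counter(), [], []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        files.append(p)
        # Heuristic: encrypted files often keep the old name and gain a suffix
        # (budget.xlsx.locked), so tally the last suffix of double-suffixed names.
        if len(p.suffixes) >= 2:
            appended[p.suffixes[-1].lower()] += 1
        if p.suffix.lower() in NOTE_TYPES and any(h in p.name.lower() for h in NOTE_HINTS):
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            notes.append({"path": str(p), "sha256": digest})
    if not appended:
        return {"encrypted_extension": None, "ransom_notes": notes}
    ext = appended.most_common(1)[0][0]
    times = [p.stat().st_mtime for p in files if p.suffix.lower() == ext]
    return {
        "encrypted_extension": ext,
        "encrypted_file_count": len(times),
        "first_encrypted_utc": iso(min(times)),  # approximates incident date/time
        "last_encrypted_utc": iso(max(times)),
        "ransom_notes": notes,
    }

def demo():
    """Builds a constructed sample tree (not real incident data) and summarizes it."""
    with tempfile.TemporaryDirectory() as d:
        for name, ts in (("budget.xlsx.locked", 1700000000), ("plan.docx.locked", 1700000300)):
            f = Path(d, name)
            f.write_bytes(b"\x00" * 16)
            os.utime(f, (ts, ts))
        Path(d, "notes.txt").write_text("untouched file")
        Path(d, "HOW_TO_DECRYPT.txt").write_text("constructed ransom note text")
        return summarize(d)
```

Run it against a read-only mount or a forensic copy that preserves timestamps; copying files with ordinary tools can reset modification times and skew the reported window.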
Dealing With The Consequences Of A Ransomware Attack
When you find that you have been the victim of a ransomware attack, reporting should always be a top priority. However, you don’t necessarily have to wait for the authorities before you act. As long as you document everything for law enforcement, you can go ahead and work to restore your system.
The simplest method is to use a system backup. This is basically an entire drive and/or network that has been condensed into a single file. These files, called “system images,” can be used to quickly restore a corrupted system. All you have to do is delete everything and re-install from the most recent backup. However, before you do this, make absolutely sure that you wipe the affected drives. Computer data is never truly gone until it has been overwritten with new data, so make sure the wiping program you use actually overwrites the drives.
If you don’t have a recent backup, you can actually try to decrypt the files by force. It is possible to do this, but it’s unlikely to succeed. Well-made encryption can take years or even decades/centuries to break in this manner. However, as we mentioned earlier, older ransomware variants might be decrypted with publicly available keys. If the attacker is an amateur or sloppy kind of criminal, you might get lucky.
Reporting ransomware is one of those things that seems self-explanatory, but there are a few things you need to know. If you don’t give the right information to the authorities, their ability to help you will be limited. Further, if you have not taken some basic precautions, you might also find yourself in a position with no good options. That is why it pays to be prepared and to be ready at all times. If you or your organization needs help with these matters, you can always call PCH Technologies at (856) 754-7500.