FBI has published an official statement in its stance on ransomware infections. They urged the victims, company or even individual, to report of such incidents to federal law enforcement.
The FBI has been under a lot of criticism recently after since of its agents disclosed to the press that, in case of many situations, they advise companies to pay ransom.
The FBI agent’s advice was not only taken out of context by many media agencies but also considered an official policy when it was clearly not.
Following the dissemination of these news stories and some high-profile ransomware infections, the FBI was called to answer for its “official stance” on ransomware infections in front of the US Senate, with FBI Director James Comey answering an official inquiry back in April.
The Bureau dispelled any confusion regarding its position on ransomware today when it published a public statement announcement (PSA) regarding what companies or US citizens should do.
The PSA, posted on the website of the FBI’s Internet Crime Complaint Center (IC3), makes it clear that the they wants victims to contact the IC3 and make a formal complaint.
The FBI wants victims to tell it the date of the infection, the ransomware variant that infected their systems, company data (business size, industry vertical), how the infection occurred (email, browser, USB), the amount of the ransom fee, the Bitcoin wallet to which the payment was requested, if the victim paid the ransom, and overall losses associated with the infection.
It even wants victims to add a short personal statement in which they describe in their own words the impact this infection had on them and their business.
The agency is encouraging users to make the complaints even if they paid or recovered the data from backups. They say they need even this information to form a bigger picture of the ransomware infections across the US.