
FBI Urges Ransomware Victims to Report the Attacks

Healthcare organizations in the US fall under the scope of the “Health Information Technology for Economic and Clinical Health (HITECH) Act”, which requires them to report data breaches to the authorities and to take certain measures when such incidents occur. Each incident that has the potential to affect more than 500 persons must be reported and, as a result, tens of events are reported in the US every month.

Other industries (the financial sector, telecommunications, merchants, government institutions, education, etc.) have similar regulations that require data breach notifications to be issued, all with the purpose of protecting the affected persons from identity theft, credit card fraud, etc.

The types of data breaches that need to be reported are categorized by cause: payment card fraud, hacking or malware, insider, physical loss, portable/stationary device, unintentional disclosure and unknown.

The data breaches to be reported are those incidents where data has been put at risk of unauthorized access or dissemination. Since Ransomware destroys data or prevents access to it, incidents involving it are not regarded as data breaches (but as business continuity incidents), although there is no guarantee that the information encrypted by Ransomware is not uploaded to the hackers’ computers as well.

Where Ransomware is nowadays

Lately, Ransomware has become stronger, more sophisticated and more dangerous, as pointed out by Symantec's latest report on the matter.

Some key findings of the “Special Report: Ransomware and Businesses 2016”:

“While ransomware attacks to date have been largely indiscriminate, there is evidence that attackers have a growing interest in hitting businesses with targeted attacks.”

“A number of ransomware groups have begun using advanced attack techniques, displaying a level of expertise similar to that seen in many cyberespionage attacks.”

“The average ransom demand has more than doubled and is now $679, up from $294 at the end of 2015.”

These findings support the idea that Ransomware should be a leading concern for data security and compliance, and that enterprise ransomware protection should be part of corporate security strategies.

Latest efforts to include the Ransomware associated threats in current data breach reporting requirements

In July 2016, two members of Congress, Ted W. Lieu and Will Hurd, addressed a letter to the Deputy Director for Health Information Privacy, Office for Civil Rights, in which they stress the importance of differentiating Ransomware from common malware and hacking activities. They recommend including specific requirements to mitigate the associated risks and providing guidelines on how to handle Ransomware infection cases.

In September 2016, the FBI issued a Public Service Announcement entitled “Ransomware Victims Urged to Report Infections to Federal Law Enforcement”. The announcement presents the Ransomware threats and describes how incident reporting helps the national cyber security teams develop means to protect against future attacks.

Ransomware victims should report the attacks here (the FBI Internet Crime Complaint Center): https://www.ic3.gov/default.aspx

Reports start coming in

In October 2016, two healthcare institutions reported Ransomware attacks as data breaches under HITECH following the Congress advisory and the FBI request, although HITECH itself does not require entities to report Ransomware attacks yet.

USC Keck and Norris Hospitals issued this notice in this respect: https://oag.ca.gov/system/files/NOTICE%20%5BFINAL%5D_0.pdf?

Anne M. Cummings, M.D. F.A.C.P filed this notice in this regard: https://oag.ca.gov/system/files/Cummings%20Notice%20A_0.pdf?

How we can help

Reporting Ransomware incidents will help companies and authorities gain awareness and develop better methods to respond to such incidents. TEMASOFT develops specialized anti-ransomware software that detects and blocks Ransomware in seconds, allowing recovery of damaged files (including in successful ransomware attacks, if the technology is running at the time of the attack). Such technology is a critical part of an enterprise ransomware protection strategy, together with awareness training and anti-virus solutions for multilayered security.


References

Symantec Special Report: Ransomware and Businesses 2016: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf

FBI Public Service Announcement: https://www.ic3.gov/media/2016/160915.aspx

This post was last modified on August 21, 2023 7:27 am

Calin Ghibu

Technical background: over 15 years' experience in testing, developing, researching and managing network security solutions. Currently focusing on information security and IT management. Specialties: network audit, information security, web security, endpoint security, perimeter security, SIEM, legal compliance, competitive intelligence.
