July 15, 2020

Volume X, Number 197

FBI Warns of Sharp Increase in Ransomware Attacks in Certain Sectors

The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing number of ransomware attacks affecting private industry. According to the warning, “Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.”

The ransomware attacks are initiated through “large scale or targeted phishing campaigns and exploiting software and Remote Desktop Protocol (RDP) vulnerabilities to get a foothold on their victims’ systems before encrypting their systems.”

The FBI is urging companies not to pay the ransom, and to contact the FBI in the event of an attack so it can use the information, along with information provided by other victims, to track the ransomware attackers, find them and hold them accountable, in order to prevent future attacks.

The FBI also recommends that companies:

  • Regularly back up data and verify its integrity

  • Focus on awareness and training

  • Patch the operating system, software, and firmware on devices

  • Enable anti-malware auto-update and perform regular scans

  • Implement least privilege for file, directory, and network share permissions

  • Disable macro scripts from Office files transmitted via email

  • Implement software restriction policies and controls

  • Employ best practices for use of RDP

  • Implement application whitelisting

  • Implement physical and logical separation of networks and data for different org units

  • Require user interaction for end-user apps communicating with uncategorized online assets

Ransomware is extremely disruptive to business operations, so preparing for such incidents is mission critical, including deploying an incident response team and testing incident response plans.

Copyright © 2020 Robinson & Cole LLP. All rights reserved. National Law Review, Volume IX, Number 283


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...