Ransomware Crisis Worsens, FBI Solicits Help from All Sides
The U.S. Federal Bureau of Investigation (FBI) is enlisting the help of businesses and software security experts in the fight against ransomware, the virus used by hackers to extort money from electronic device owners by holding their data hostage.
A confidential advisory released Friday focused on the ransomware known as MSIL/Samas that is meant to encrypt data on entire networks. That approach is much more dangerous than typical ransomware that is generally directed at individual users. Obtained by Reuters, the FBI’s plea asked recipients to immediately contact the FBI's CYWATCH cyber center if they find evidence that they have been attacked or have other information that might help in the agency's investigation.
The FBI first reported on MSIL/Samas.A in an alert issued last month. That message contained technical details about the virus, but did not call for help as did the recent alert. MSIL/Samas.A targets servers running obsolete versions of the business software JBoss. Friday’s alert is the latest in a series of FBI advisories and warnings concerning new ransomware tools and techniques.
Awareness Is Key
Ransomware is especially damaging in industries that depend heavily on computer access for performing critical functions, such as healthcare and law enforcement. When hospitals and police have paid ransoms to recover their data, news coverage of those attacks has encouraged attackers to continue targeting those groups.
The FBI has encouraged individual users to avoid ransomware attacks by diligently backing up their data and deleting unexpected e-mails with .exe file attachments, among other steps.
As agencies such as the FBI reach out to technology professionals, how can the industry and individual users combine to help put a stop to ransomware? That’s the question we posed to Stu Sjouwerman, founder and CEO of security awareness training company KnowBe4. "The first step is awareness," said Sjouwerman. "Now that hospitals get attacked and shut down, ransomware has become a mainstream press topic."
Sjouwerman said an ideal first line of defense is for individual users, both at home and at work, to get effective training in how to spot phishing attacks and other means by which ransomware hackers get hold of data. "Training [that] keeps employees on their toes with security top of mind . . . is by far the best way to combat this threat," he said.
In the alert sent out last week, the FBI said its investigators have discovered that hackers are using a software program called JexBoss to automate discovery of vulnerable JBoss systems and launch attacks, giving them the access to remotely install ransomware on computers across a network. JBoss, which is now called WildFly, is an application server authored by JBoss and written in Java.
In the alert, the FBI provided a list of technical indicators to help companies determine if they were victims of such attacks. The bureau is distributing those indicators as a way to enable network defense activities and reduce the risk of similar attacks in the future, according to the advisory.