FBI Denver Tech Tips: Protecting Against the Risk of Ransomware
(DENVER, CO) — As the premier cyber investigative agency, the FBI works to keep Americans safe online. During 2022, FBI Denver will focus on cyber security issues impacting Colorado and Wyoming residents.
This month, ransomware—what it is and how to lessen the likelihood you’ll fall victim—is our focus. Ransomware is malicious software that blocks access to a computer system or files until a “ransom” or monetary amount is paid.
The FBI Denver Division urges Colorado and Wyoming businesses to stay vigilant against bad actors by putting plans in place to protect their business from an increase in ransomware attacks. The FBI does not encourage paying a ransom to criminals, as it only serves to embolden these adversaries and fund their illicit activities. Paying a ransom does not guarantee that a victim’s files will be recovered.
Common techniques utilized by criminals to infect victims with ransomware include the following:
- E-mail Phishing Campaigns—a malicious file or link sent that deploys malware when clicked by the recipient. Broad-based spamming strategies are most commonly used, but have recently become more sophisticated. Often, the victim’s email account may be used to further spread the malware.
- Remote Desktop Protocol vulnerabilities—allows individuals to control a person’s computer via the Internet. Cyber criminals use “brute-force” methods, a technique using trial-and-error to obtain a user’s credentials or purchase stolen credentials on the dark web.
- Software vulnerabilities—security weaknesses in widely-used software programs provide an entry for cyber criminals to gain control of systems to deploy ransomware.
Recent ransomware attacks in Colorado and Wyoming have targeted health care providers, small businesses, and local water treatment facilities. To avoid a ransomware attack, follow these strategies:
- Ensure your organization has an incident response plan, and that working with the FBI is part of that plan.
- Educate yourself and your employees as to how to identify and manage phishing lures.
- Back up your data often and keep back-ups segregated and offline from normal operations.
- Make sure all devices on your network are using the most current versions of operating systems and applications; and,
- Keep your anti-malware software current.
If you or your business becomes a victim of a ransomware attack, notify the FBI’s Internet Crime Complaint Center (www.ic3.gov) or contact FBI Denver at 303-629-7171.