---

Video Transcript

Hello, I’m LT Chu, senior supervisory intelligence analyst for the FBI’s Seattle Field Office.

Today, I’m here to discuss an element of cyber security that affects all of us, both as private citizens and at our workplaces. Ransomware. This topic is especially relevant with the technology industry presence in this area of the country.

Ransomware is malicious software that blocks access to a computer system or files until a “ransom” or monetary amount is paid. Sometimes, a double extortion occurs: victims are coerced to pay a ransom both to have their data unlocked and not to have it leaked.

The ransomware threat is evolving.

The FBI is seeing not only a significant increase in the number of ransomware variants, but also in the number of attacks and the amount of money demanded. In 2019, the Ryuk ransomware variant dominated the threat landscape. Since then, the FBI has opened investigations into approximately 100 variants across its 56 field offices. The number of individual attacks has grown well into the thousands, and the number of ransomware payments has tripled.

Why is this happening?

Ransomware is lucrative. Also, the barriers to enter this criminal activity have decreased. Ransomware is now sold as a “service” on the dark web, which means that would-be malicious actors do not need technological expertise to program their own software.

So what can you do?

The most important line of defense against ransomware is prevention.

• First, ensure your software is current and up to date with the latest security patches.
• Second, be constantly vigilant when opening the dozens of electronic communications we all receive daily. It’s tough to remain cautious against something as prevalent in our lives as texts and e-mails. However, if you receive a suspicious e-mail from someone you don’t know or if the e-mail address doesn’t look right, don’t click on the links. The main vector for ransomware attacks is through phishing attempts.
• Third, back up your data and back it up often. Ensure backups are housed on a different server when possible so that you have access to it even if one version gets compromised.
• Fourth, enable multi-factor authentication wherever possible, especially in the backup environment.

What is the FBI doing?

The FBI understands criminal organizations and how to take them down, which is why we are working with an unprecedented number of government and private sector organizations to do just that. Our strategy is focused on disrupting the ecosystem that allows ransomware actors to succeed. This includes the actors, their infrastructure, and their money. We are also focused on building strong connections with the private sector to share vital threat information before an intrusion occurs. The sooner we know about a threat, the quicker we can address it and potentially recover money lost. Incidents can be reported to your local field office or ic3.gov.

Modern technology brings all of us closer together, but it also adds vulnerabilities. Systems are often intertwined so that a small attack against one organization can reach multiple organizations within their larger network. We all must work together to combat cyber crime.