New ransomware advice from the FBI

The FBI has updated its advice to companies, taking a more understanding line on companies that decide to pay their attackers for the decryption key.

The updated advice says the FBI does not advocate paying ransoms, but recognises that a company with no alternative way of recreating its data is in a difficult position.

It is essentially the same advice the police give about paying organised crime. If you are being extorted by a criminal gang, we would suggest you do not pay, but we can understand if you want to keep your kneecaps.

And that is the dilemma. If you do not have effective backups, you have no other way of getting your data back in the short term.

Companies that do not have a strict backup regime, and an equally strict regime for testing those backups, will find themselves in a no-win situation. No data equals no company in many instances.

So why the technical language?

The FBI then goes on to include a lot of technical language in what is supposed to be a public service announcement, something meant to be read and understood by business people. But it has been written by techies for techies.

Examples include:

Criminals may also compromise a victim’s email account by using precursor malware

RDP is a proprietary network protocol that allows individuals to control the resources and data of a computer over the internet.

For example, cyber criminals recently exploited vulnerabilities in two remote management tools used by managed service providers (MSPs) to deploy ransomware on the networks of customers of at least three MSPs

Require user interaction for end-user applications communicating with websites uncategorized by the network proxy or firewall.

The first rule of effective communication is to make yourself understood. The vast majority of the business audience this is aimed at would not have a clue what any of that means.

It could be explained so much more simply:

  1. The only way to survive a ransomware attack is to take regular backups of everything you need to run the business, and to make sure those backups will work when you need them by testing them regularly, which means actually restoring from them and checking the result.
  2. Apply updates to all the systems and applications you have; unpatched software is an easy way for attackers to get into your network.
  3. RDP is a tool for remotely accessing machines. Helpdesks use it to fix your computer remotely: when you ring up your support line and someone takes control of your computer to check things out, RDP (or a tool very like it) is what is being used. Attackers use RDP too, so make sure it is set up securely: do not leave it open to the internet, and protect it with strong passwords and multi-factor authentication.
  4. Make sure your anti-virus and anti-malware software is always kept up to date. If the ransomware has been used somewhere else before it hits you, there is a chance your anti-malware/anti-virus will recognise it and block it from working.
  5. Be careful what you click on. Phishing emails are an easy way for an attacker to get into your network. Always report anything suspicious to your IT team as quickly as possible.
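As an added example (not from the original post, and not FBI material), here is what "testing your backups" from point 1 looks like as a script a small IT team could run: it archives a directory together with a SHA-256 manifest, restores it somewhere else, checks that every file came back intact, and shows what a rotted archive and a silently damaged file look like when the test catches them. All paths, file names and file contents are constructed for the demo so it runs offline.

```python
"""
Backup restore test: archive a directory with a SHA-256 manifest, restore it
somewhere else, and prove every file came back intact. Added example, not
the original post's code; all paths and file contents below are constructed.
"""
import hashlib
import os
import tarfile
import tempfile
import zlib


def sha256_file(path):
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source_dir, archive_path):
    """Write a gzipped tar of source_dir and return {relative_path: sha256}.
    The manifest is computed from the live files, not from the archive, so it
    is independent evidence of what a complete restore must contain."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, files in os.walk(source_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, source_dir)
                manifest[rel] = sha256_file(full)
                tar.add(full, arcname=rel)
    return manifest


def restore_archive(archive_path, restore_dir):
    """Extract the archive; return None on success or a problem string."""
    try:
        with tarfile.open(archive_path, "r:gz") as tar:
            try:
                # filter="data" refuses absolute paths, ../ traversal and links
                tar.extractall(restore_dir, filter="data")
            except TypeError:  # older Python without the filter argument
                tar.extractall(restore_dir)
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        return f"archive unreadable: {type(exc).__name__}"
    return None


def verify_restore(manifest, restore_dir):
    """Compare every manifest entry against the restored tree. Empty list == pass."""
    problems = []
    for rel, expected in manifest.items():
        restored = os.path.join(restore_dir, rel)
        if not os.path.isfile(restored):
            problems.append(f"missing: {rel}")
        elif sha256_file(restored) != expected:
            problems.append(f"corrupt: {rel}")
    return problems


def restore_test(archive_path, manifest, restore_dir):
    """Full restore-then-verify cycle: the test a backup regime must run regularly."""
    err = restore_archive(archive_path, restore_dir)
    if err:
        return [err]
    return verify_restore(manifest, restore_dir)


def run_demo():
    """Constructed data: three files, one healthy cycle and two failure modes.
    Returns {"healthy": [...], "tampered": [...], "truncated": [...]}."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "live")
        os.makedirs(os.path.join(src, "accounts"))
        for rel, body in [("accounts/ledger.csv", b"id,amount\n1,42.00\n"),
                          ("accounts/payroll.csv", b"id,salary\n7,1000\n"),
                          ("README.txt", b"constructed sample data\n")]:
            with open(os.path.join(src, rel), "wb") as f:
                f.write(body)
        archive = os.path.join(work, "backup.tar.gz")
        manifest = make_backup(src, archive)

        # 1. Healthy backup restores cleanly.
        results["healthy"] = restore_test(archive, manifest, os.path.join(work, "r1"))

        # 2. A file restored but then damaged (one byte overwritten): the manifest catches it.
        r2 = os.path.join(work, "r2")
        restore_archive(archive, r2)
        with open(os.path.join(r2, "accounts", "ledger.csv"), "r+b") as f:
            f.write(b"X")
        results["tampered"] = verify_restore(manifest, r2)

        # 3. Backup medium rotted: drop the second half of the archive.
        with open(archive, "r+b") as f:
            f.truncate(os.path.getsize(archive) // 2)
        results["truncated"] = restore_test(archive, manifest, os.path.join(work, "r3"))
    return results


if __name__ == "__main__":
    for scenario, problems in run_demo().items():
        print(f"{scenario:9s} -> {'PASS' if not problems else problems}")
```

The point of the manifest is that a restore is judged against what the live system held, not against what the archive claims to hold; a backup job that quietly skipped a directory, or media that decayed on the shelf, both fail this test, which is exactly what "make sure those backups will work" means in practice.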

In conclusion

The idea behind a public service announcement is for it to be understood by the vast majority of the people who read it. It is not for the author to prove their technical competence. There really should be some non-techies at the FBI reading this material from the user's viewpoint, to sense-check what is being communicated.
