SlideShare a Scribd company logo

FBI Ransomware Report

David Sweigert, profile picture
David Sweigert

This document discusses ransomware, including how it infects systems, its effects, and recommendations for prevention and recovery. Ransomware is often delivered via phishing emails containing malicious attachments or links. When opened, it encrypts files and demands ransom for decryption. Key prevention strategies include user awareness training, system patching, backups stored offline, and least-privileged access. The FBI recommends focusing on prevention but does not advise paying ransoms as it does not guarantee file recovery and encourages criminal activity.

Healthcare
1 of 2
Download to read offline
1
2
Ransomware InfectionVectors Ransomware is frequently delivered through phishing e-mails to end users. Early ransomware e-mails were often generic in nature, but more recent e-mails are highly targeted to both the organization and individual, making scrutiny of the document and sender important to prevent exploitation. An e-mail compromise occurs in one of two ways: 1. Receipt of an e-mail containing malicious attachments, including: .pdf, .doc, .xls, and .exe file extensions. These attachments are described as something that appears legitimate, such as an invoice or electronic fax, but contain malicious code. 2. Receipt of an e-mail that appears legitimate but contains a link to a website hosting an exploit kit. When the user opens the malicious file or link in the phishing e-mail, the most frequent end result is the rapid encryption of files and folders containing business-critical information and data. Recent ransomware campaigns have employed robust encryption that prevents most attempts to break the encryption and recover the data. Another infection method involves adversaries hacking a knownwebsitetoplantthemalware. Endusersareinfected when visiting the compromised website while using outdated browsers, browser plugins, and other software. Ransomware is a form of malware that targets both human and technical weaknesses in organizations in an effort to deny the availability of critical data and/or systems. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, at which time the actor purportedly provides an avenue to the victim to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure. Afterinfection,themalwareusuallycallshometocommand and control (C2) infrastructure to obtain encryption keys from the adversary. Once keys are obtained, the malware begins rapidly encrypting files and folders on local drives, attached drives, and network shares to which the infected user has access. Organizations are generally not aware that they have been infected until users are no longer able to access data or begin to see messages advising them of the attack and demanding a ransom payment. While the FBI normally recommends organizations invest in measures to prevent, detect, and remediate cyber exploitation, the key areas to focus on with ransomware are prevention, business continuity, and remediation. It is very difficult to detect a successful ransomware compromise before it is too late. The best approach is to focus on defense in depth, or several layers of security, as there is no single method to prevent a compromise. As ransomware techniques and malware continue to evolve and become more sophisticated, even with the most robust prevention controls in place, there is no guarantee against exploitation. This fact makes contingency and remediation planning crucial to business recovery and continuity, and those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise.
PreventionConsiderations • Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques. • Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system. • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted. • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; and they should operate with standard user accounts at all other times. • Implement least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. Configure access controls with least privilege in mind. • Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications. • Implement software restriction policies (SRP) or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder. BusinessContinuityConsiderations • Regularly back up data and verify its integrity. • Secureyourbackups. Ensurebackupsarenotconnected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing them offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real- time, also known as persistent synchronization. Backups are critical in ransomware; if you are infected, backups may be the best way to recover your critical data. Other Considerations Some other considerations that can be highly dependent on organizational budget and system configuration include: • Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy. • Use virtualized environments to execute operating system environments or specific programs. • Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organization units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment. • Require user interaction for end user applications communicating with websites uncategorized by the network proxy or firewall. Examples include requiring userstotypeinformationorenterapasswordwhentheir system communicates with a website uncategorized by the proxy or firewall. The Ransom The FBI does not advocate paying a ransom to an adversary. Paying a ransom does not guarantee an organization will regain access to their data. In fact, some individuals or organizations were never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other organizations for profit and provides a lucrative environment for other criminals to become involved. Finally, by paying a ransom, an organization is funding illicit activity associated with criminal groups, including potential terrorist groups, who likely will continue to target an organization. While the FBI does not advocate paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. In all cases, the FBI encourages organizations to contact their local FBI Cyber Task Force immediately to report a ransomware event and request assistance. The FBI works with federal, state, local, and international partners to pursue cyber actors globally and assist victims of cyber crime. Victimsarealsoencouragedtoreportcyberincidents to the FBI’s Internet Crime Complaint Center (www.ic3.gov). Contact the Cyber Task Forces at www.fbi.gov/contact-us/field and the Internet Crime Complaint Center at www.ic3.gov

More Related Content

DOC
Data security
Laura Breese
 
PPTX
Internet safety and you
Art Ocain
 
PPTX
Malicion software
A. Shamel
 
PDF
HCA 530, Week2, Psa i-091516-ransomware notice from fbi
Matthew J McMahon
 
PDF
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
PDF
Chapter 2 konsep dasar keamanan
newbie2019
 
PPTX
Security threats
Qamar Farooq
 
PPTX
Types of Cyber Attacks
Rubal Sagwal
 
Data security
Laura Breese
 
Internet safety and you
Art Ocain
 
Malicion software
A. Shamel
 
HCA 530, Week2, Psa i-091516-ransomware notice from fbi
Matthew J McMahon
 
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
Chapter 2 konsep dasar keamanan
newbie2019
 
Security threats
Qamar Farooq
 
Types of Cyber Attacks
Rubal Sagwal
 

What's hot (20)

PPTX
Security vulnerability
A. Shamel
 
PDF
Cyber attacks
Anuradha Moti T
 
PDF
8 Types of Cyber Attacks That Can Bother CISOs in 2020
SecPod Technologies
 
PPT
Network Threats
Dan Oblak
 
PDF
Introduction to Information Security
Dumindu Pahalawatta
 
PPT
Introduction To Information Security
belsis
 
DOC
Computer Secutity.
angelaag98
 
PPTX
Data base security and injection
A. Shamel
 
PPTX
Client server network threat
Raj vardhan
 
PDF
Mis 1
Rohit Garg
 
PPSX
Ransomware 101
William Mann
 
PDF
beyond_the_firewall_0103
Jack McCullough
 
PPT
Need for security
University of Central Punjab
 
PPTX
Types of Cyber-Attacks
techexpert2345
 
PPTX
Dos attack
Manjushree Mashal
 
PPTX
Threats to information security
swapneel07
 
PDF
Chapter 2 konsep dasar keamanan
newbie2019
 
PDF
Network security
nafisarayhana1
 
PPTX
PACE-IT, Security+3.1: Types of Malware
Pace IT at Edmonds Community College
 
PDF
Chapter 4 vulnerability threat and attack
newbie2019
 
Security vulnerability
A. Shamel
 
Cyber attacks
Anuradha Moti T
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
SecPod Technologies
 
Network Threats
Dan Oblak
 
Introduction to Information Security
Dumindu Pahalawatta
 
Introduction To Information Security
belsis
 
Computer Secutity.
angelaag98
 
Data base security and injection
A. Shamel
 
Client server network threat
Raj vardhan
 
Mis 1
Rohit Garg
 
Ransomware 101
William Mann
 
beyond_the_firewall_0103
Jack McCullough
 
Need for security
University of Central Punjab
 
Types of Cyber-Attacks
techexpert2345
 
Dos attack
Manjushree Mashal
 
Threats to information security
swapneel07
 
Chapter 2 konsep dasar keamanan
newbie2019
 
Network security
nafisarayhana1
 
PACE-IT, Security+3.1: Types of Malware
Pace IT at Edmonds Community College
 
Chapter 4 vulnerability threat and attack
newbie2019
 
Ad

Viewers also liked (7)

PDF
Enterprise security: ransomware in enterprise and corporate entities
Quick Heal Technologies Ltd.
 
PPTX
How to stay protected against ransomware
Sophos Benelux
 
PDF
Ransomware hostage rescue manual
Roel Palmaers
 
PPTX
What is Ransomware and How to Stay Away from it?
Quick Heal Technologies Ltd.
 
PPTX
Ransomware: How to avoid a crypto crisis at your IT business
Calyptix Security
 
PPTX
Ransomware
Akshita Pillai
 
PDF
Ransomware- What you need to know to Safeguard your Data
Inderjeet Singh
 
Enterprise security: ransomware in enterprise and corporate entities
Quick Heal Technologies Ltd.
 
How to stay protected against ransomware
Sophos Benelux
 
Ransomware hostage rescue manual
Roel Palmaers
 
What is Ransomware and How to Stay Away from it?
Quick Heal Technologies Ltd.
 
Ransomware: How to avoid a crypto crisis at your IT business
Calyptix Security
 
Ransomware
Akshita Pillai
 
Ransomware- What you need to know to Safeguard your Data
Inderjeet Singh
 
Ad

Similar to FBI Ransomware Report (20)

PDF
FBI Memo on How to Protect Yourself from Ransomware
David Sweigert
 
PPTX
Back to school - CYBER SAFETY
Sairam
 
PPTX
attack vectors by chimwemwe.pptx
JenetSilence
 
PDF
In computer security, a vulnerability is a weakness which allows an .pdf
anandanand521251
 
PPTX
Ransomware: A Perilous Malware
HTS Hosting
 
PPTX
LESSON_3_Maintain_Computer_Equipment_and_Systems.pptx
mahaliacaraan
 
PDF
Ransomware
m3 Networks Limited
 
PPTX
9.0 security (2)
Frank Victory
 
DOCX
Running head Threat Analysis .docx
toltonkendal
 
PPTX
Computing safety
Brulius
 
PPTX
Application security
Hagar Alaa el-din
 
PDF
Ransomware : Challenges and best practices
EyesOpen Association
 
PDF
Locking Down Your Data: Best Practices for Database Security
FredReynolds2
 
PDF
Saiyed_Crypto_Article_ISSA
Carl Saiyed
 
PDF
Security Policy Checklist
backdoor
 
PDF
Fire eye spearphishing
Zeno Idzerda
 
PDF
Are you the next target?
Strategic Insurance Software
 
PPTX
3 Tips to Stay Safe Online in 2017
Bret Piatt
 
PPTX
Understanding advanced persistent threats (APT)
Dan Morrill
 
PDF
AI for Ransomware Detection & Prevention Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
FBI Memo on How to Protect Yourself from Ransomware
David Sweigert
 
Back to school - CYBER SAFETY
Sairam
 
attack vectors by chimwemwe.pptx
JenetSilence
 
In computer security, a vulnerability is a weakness which allows an .pdf
anandanand521251
 
Ransomware: A Perilous Malware
HTS Hosting
 
LESSON_3_Maintain_Computer_Equipment_and_Systems.pptx
mahaliacaraan
 
Ransomware
m3 Networks Limited
 
9.0 security (2)
Frank Victory
 
Running head Threat Analysis .docx
toltonkendal
 
Computing safety
Brulius
 
Application security
Hagar Alaa el-din
 
Ransomware : Challenges and best practices
EyesOpen Association
 
Locking Down Your Data: Best Practices for Database Security
FredReynolds2
 
Saiyed_Crypto_Article_ISSA
Carl Saiyed
 
Security Policy Checklist
backdoor
 
Fire eye spearphishing
Zeno Idzerda
 
Are you the next target?
Strategic Insurance Software
 
3 Tips to Stay Safe Online in 2017
Bret Piatt
 
Understanding advanced persistent threats (APT)
Dan Morrill
 
AI for Ransomware Detection & Prevention Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 

More from David Sweigert (20)

PDF
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
David Sweigert
 
PDF
Law Enforcement Cyber Incident Reporting
David Sweigert
 
PDF
Sample Network Analysis Report based on Wireshark Analysis
David Sweigert
 
PDF
National Cyber Security Awareness Month poster
David Sweigert
 
PDF
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
David Sweigert
 
PDF
National Cyber Security Awareness Month - October 2017
David Sweigert
 
PDF
California Attorney General Notification Penal Code 646.9
David Sweigert
 
PDF
Congressional support of Ethical Hacking and Cyber Security
David Sweigert
 
PDF
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
David Sweigert
 
PDF
Application of Racketeering Law to Suppress CrowdStalking Threats
David Sweigert
 
PDF
Canada Communications Security Establishment - Threat Vector Chart
David Sweigert
 
DOCX
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
David Sweigert
 
PDF
Cyber Incident Response Team NIMS Public Comment
David Sweigert
 
PDF
Cyber Incident Response Team - NIMS - Public Comment
David Sweigert
 
PDF
National Incident Management System (NIMS) NQS DRAFT
David Sweigert
 
PDF
National Incident Management System - NQS Public Feedback
David Sweigert
 
DOCX
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
David Sweigert
 
PDF
National Preparedness Goals 2015 2nd edition
David Sweigert
 
PDF
Healthcare Sector-wide Disaster Prepardness Plan
David Sweigert
 
PDF
Cyber Risk Assessment for the Emergency Services Sector - DHS
David Sweigert
 
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
David Sweigert
 
Law Enforcement Cyber Incident Reporting
David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
David Sweigert
 
National Cyber Security Awareness Month poster
David Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
David Sweigert
 
National Cyber Security Awareness Month - October 2017
David Sweigert
 
California Attorney General Notification Penal Code 646.9
David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
David Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
David Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
David Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
David Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
David Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
David Sweigert
 
National Incident Management System - NQS Public Feedback
David Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
David Sweigert
 
National Preparedness Goals 2015 2nd edition
David Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
David Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
David Sweigert
 

Recently uploaded (20)

PPTX
PEDIATRIC OSCE, MBBS, by Dr. Sangit Chhantyal(IOM)..pptx
SangeetChhantyal
 
PPTX
First aid in common emergency conditions.pptx
cham2i1738
 
PPT
Microscope is an instrument that makes an enlarged image of a small object, t...
LuckyMittal13
 
PDF
2E-Learning-Together...PICS-PCISF con.pdf
AssessoriadaGernciaG
 
PPTX
CBT FOR OCD TREATMENT WITHOUT MEDICATION
emotionoflifeindia
 
PDF
Dermatology diseases Index August 2025.pdf
Hany salah Soliman
 
PPTX
Genaralised anxiety disorder presentation
YoshitaAgarwal3
 
PPTX
COMMUNICATION SKILSS IN NURSING PRACTICE
juanlungu94
 
PPTX
Pulmonary Circulation PPT final for easy
63kirubaharan
 
PDF
Dr. Jasvant Modi - Passionate About Philanthropy
Dr. Jasvant Modi
 
PPTX
PE and Health 7 Quarter 3 Lesson 1 Day 3,4 and 5.pptx
AnnaMae39
 
PDF
Dr Masood Ahmed Expertise And Sucess Story
adilseoexpert1
 
PDF
MINERAL & VITAMIN CHARTS fggfdtujhfd.pdf
vaishnavikumarimugha
 
PPTX
Nursing Care Aspects for High Risk newborn.pptx
shahabiqbal2229
 
PPTX
NUTRITIONAL PROBLEMS, CHANGES NEEDED TO PREVENT MALNUTRITION
rpragatheeswari
 
PPTX
Bronchial_Asthma_in_acute_exacerbation_.pptx
jesselejadefernandez
 
PPTX
Galactosemia pathophysiology, clinical features, investigation and treatment ...
ssuser7f57ff
 
PDF
CHAPTER 9 MEETING SAFETY NEEDS FOR OLDER ADULTS.pdf
ANNIELOURRIECASABUEN1
 
PPTX
Trichuris trichiura infection
banisterbribi
 
PDF
Megan Miller Colona Illinois - Passionate About CrossFit
Megan Miller Colona Illinois
 
PEDIATRIC OSCE, MBBS, by Dr. Sangit Chhantyal(IOM)..pptx
SangeetChhantyal
 
First aid in common emergency conditions.pptx
cham2i1738
 
Microscope is an instrument that makes an enlarged image of a small object, t...
LuckyMittal13
 
2E-Learning-Together...PICS-PCISF con.pdf
AssessoriadaGernciaG
 
CBT FOR OCD TREATMENT WITHOUT MEDICATION
emotionoflifeindia
 
Dermatology diseases Index August 2025.pdf
Hany salah Soliman
 
Genaralised anxiety disorder presentation
YoshitaAgarwal3
 
COMMUNICATION SKILSS IN NURSING PRACTICE
juanlungu94
 
Pulmonary Circulation PPT final for easy
63kirubaharan
 
Dr. Jasvant Modi - Passionate About Philanthropy
Dr. Jasvant Modi
 
PE and Health 7 Quarter 3 Lesson 1 Day 3,4 and 5.pptx
AnnaMae39
 
Dr Masood Ahmed Expertise And Sucess Story
adilseoexpert1
 
MINERAL & VITAMIN CHARTS fggfdtujhfd.pdf
vaishnavikumarimugha
 
Nursing Care Aspects for High Risk newborn.pptx
shahabiqbal2229
 
NUTRITIONAL PROBLEMS, CHANGES NEEDED TO PREVENT MALNUTRITION
rpragatheeswari
 
Bronchial_Asthma_in_acute_exacerbation_.pptx
jesselejadefernandez
 
Galactosemia pathophysiology, clinical features, investigation and treatment ...
ssuser7f57ff
 
CHAPTER 9 MEETING SAFETY NEEDS FOR OLDER ADULTS.pdf
ANNIELOURRIECASABUEN1
 
Trichuris trichiura infection
banisterbribi
 
Megan Miller Colona Illinois - Passionate About CrossFit
Megan Miller Colona Illinois
 

FBI Ransomware Report

  • 1. Ransomware InfectionVectors Ransomware is frequently delivered through phishing e-mails to end users. Early ransomware e-mails were often generic in nature, but more recent e-mails are highly targeted to both the organization and individual, making scrutiny of the document and sender important to prevent exploitation. An e-mail compromise occurs in one of two ways: 1. Receipt of an e-mail containing malicious attachments, including: .pdf, .doc, .xls, and .exe file extensions. These attachments are described as something that appears legitimate, such as an invoice or electronic fax, but contain malicious code. 2. Receipt of an e-mail that appears legitimate but contains a link to a website hosting an exploit kit. When the user opens the malicious file or link in the phishing e-mail, the most frequent end result is the rapid encryption of files and folders containing business-critical information and data. Recent ransomware campaigns have employed robust encryption that prevents most attempts to break the encryption and recover the data. Another infection method involves adversaries hacking a knownwebsitetoplantthemalware. Endusersareinfected when visiting the compromised website while using outdated browsers, browser plugins, and other software. Ransomware is a form of malware that targets both human and technical weaknesses in organizations in an effort to deny the availability of critical data and/or systems. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, at which time the actor purportedly provides an avenue to the victim to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure. Afterinfection,themalwareusuallycallshometocommand and control (C2) infrastructure to obtain encryption keys from the adversary. Once keys are obtained, the malware begins rapidly encrypting files and folders on local drives, attached drives, and network shares to which the infected user has access. Organizations are generally not aware that they have been infected until users are no longer able to access data or begin to see messages advising them of the attack and demanding a ransom payment. While the FBI normally recommends organizations invest in measures to prevent, detect, and remediate cyber exploitation, the key areas to focus on with ransomware are prevention, business continuity, and remediation. It is very difficult to detect a successful ransomware compromise before it is too late. The best approach is to focus on defense in depth, or several layers of security, as there is no single method to prevent a compromise. As ransomware techniques and malware continue to evolve and become more sophisticated, even with the most robust prevention controls in place, there is no guarantee against exploitation. This fact makes contingency and remediation planning crucial to business recovery and continuity, and those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise.
  • 2. PreventionConsiderations • Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques. • Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system. • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted. • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; and they should operate with standard user accounts at all other times. • Implement least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. Configure access controls with least privilege in mind. • Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications. • Implement software restriction policies (SRP) or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder. BusinessContinuityConsiderations • Regularly back up data and verify its integrity. • Secureyourbackups. Ensurebackupsarenotconnected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing them offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real- time, also known as persistent synchronization. Backups are critical in ransomware; if you are infected, backups may be the best way to recover your critical data. Other Considerations Some other considerations that can be highly dependent on organizational budget and system configuration include: • Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy. • Use virtualized environments to execute operating system environments or specific programs. • Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organization units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment. • Require user interaction for end user applications communicating with websites uncategorized by the network proxy or firewall. Examples include requiring userstotypeinformationorenterapasswordwhentheir system communicates with a website uncategorized by the proxy or firewall. The Ransom The FBI does not advocate paying a ransom to an adversary. Paying a ransom does not guarantee an organization will regain access to their data. In fact, some individuals or organizations were never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other organizations for profit and provides a lucrative environment for other criminals to become involved. Finally, by paying a ransom, an organization is funding illicit activity associated with criminal groups, including potential terrorist groups, who likely will continue to target an organization. While the FBI does not advocate paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. In all cases, the FBI encourages organizations to contact their local FBI Cyber Task Force immediately to report a ransomware event and request assistance. The FBI works with federal, state, local, and international partners to pursue cyber actors globally and assist victims of cyber crime. Victimsarealsoencouragedtoreportcyberincidents to the FBI’s Internet Crime Complaint Center (www.ic3.gov). Contact the Cyber Task Forces at www.fbi.gov/contact-us/field and the Internet Crime Complaint Center at www.ic3.gov