Posted by Tyler Chancey, GCFA on

Tyler Chancey is a seasoned cybersecurity professional currently serving as the Director of Cyber Security at Scarlett Cybersecurity Services, With a solid foundation in Computer Software Engineering from the University of Florida, Tyler holds a repertoire of certifications that underscore his expertise. These include the prestigious Microsoft 365 Certified: Enterprise Administrator Expert and Microsoft 365 Certified: Security Administrator Associate, showcasing his mastery in Microsoft's enterprise solutions. Tyler's commitment to comprehensive security is further evidenced by his CompTIA Security+ certification, demonstrating proficiency in core cybersecurity principles. Additionally, his GIAC Certified Forensic Analyst (GCFA) credential attests to his advanced skills in forensic analysis—an invaluable asset in today's complex cybersecurity landscape. Tyler's dedication to staying at the forefront of industry standards is evident in the active pursuit and maintenance of these certifications, making him a trusted authority in the field.

who to report ransomware to

Based on the fact that you are reading this guide, you have likely faced a ransomware incident. Now you're wondering what to do next. Whom should you contact about this incident? Should you tell the Authorities? 

If you have been affected by a ransomware attack, contact the closest FBI field office and also report a crime to the Internet Crime Complaint Center of the FBI (IC3). You can also report the incident to the US Secret Service and CISA. Contact your cybersecurity services provider and/or local law enforcement as well. 

  • Let your closest FBI field offices know about the ransomware incident.
  • If you’d like to submit an online tip regarding the incident, you can visit here
  • Visit the Internet Crime Complaint Center and file your report there. 
  • You can also contact a field office of the US Secret Service to report such incidents.
  • CISA is one of the reliable platforms where you can report these incidents.

If we look at the stats of ransomware incidents from 2018 to 2021, we can see that there has been a drastic increase in the attacks. Even from the 1st quarter of 2020 to the third quarter of 2021, everyone can observe a rise in millions. These facts suggest how important it is to report a ransomware incident so that we can stop this increase. 

Keep on reading this extensive guide to understanding everything. We must know how to report the ransomware incident to the appropriate authorities.

What is a Ransomware Attack?

The term "ransomware" refers to malicious software that encrypts your PC and demands money to decrypt it. You can unintentionally install ransomware on your computer by clicking on a link. Other times, you can do it by visiting an advertisement, checking a URL, or accessing a website that contains ransomware.

When the code is loaded on a computer, it prevents access to files and statistics. In a more dangerous version, files and folders can be encrypted on local, networked, and connected computers.

Sometimes, you are not aware that your computer has been infected. Most people find out about it when they can't get to their files or when they see messages on their computers telling them about the threat and asking for a ransom.

The flow of Ransomware Incidents

  • The malware first enables access to the system.
  • Depending on how it works, ransomware can lock up both the operating system and its categories and tags.
  • A ransom is then demanded from the victim.

Reporting a Ransomware Attack

The following points show all about the reporting of a ransomware attack.

To whom should we report a ransomware attack?

Those who have been victimized by ransomware tragedies can report their incidents to the FBI, IC3, the US Secret Service, CISA, your cyber security services provider, or your local law enforcement.

The FBI encourages victims of ransomware to report their attacks. As a result, the FBI can gain a more comprehensive picture of the current threat and its impact on victims in the United States.

Cybersecurity and Infrastructure Security is another group you can report ransomware incidents to. CISA has specific reporting rules for ransomware:

  • Determine the present long-term impact on the operations or services provided by the agency.
  • Find out what kind of information was lost, stolen, or changed.
  • Evaluate how much time and money will be needed to get back on track after the altercation.
  • Find out when the first sign of the action was seen.
  • Find out where on the system the activity was seen.
  • Analyze how many systems, records, and users are affected.
  • Find out who to contact for more information.

Should a Victim of Cybercrime Tell the Authorities?

The answer is yes. There is always a strong recommendation to notify law enforcement agencies about ransomware attacks. The disclosure of your ransomware situation to law enforcement agencies for monitoring and independent investigation can help numerous possible victims and even you personally. When the police find the person who did it, they can seize the servers and give the public free access to the decryption keys.

The Reasons for Reporting RansomWare

What are the advantages of knowing why it is important to notify the police when you have been affected by a ransomware attack? It is common for ransomware victims to wonder if they are legally required to report malicious incidents to law enforcement. Often, people are unsure if a ransomware attack qualifies as a security breach and, if so, whether it must be reported.

The Health Insurance Portability and Accountability Act covers a wide range of local, state, and federal statutes that protect clients' private data. If you determine a small possibility of data access, you should report the ransomware attack to the department of health and service. How do you prove this?

With the help of a digital forensics analysis, you can find out if any data has been viewed or stolen after a ransomware attack. Computer forensics investigations provide insight into what the ransomware attacker was doing on your system. It contains directories, documents, and user profiles.

The use of digital evidence reports can assist police departments in detecting ransomware intrusion attempts and malicious hackers. In this case, IP addresses, threat techniques, and attack methods are involved.

Why Should You Trust Digital Forensic Investigation Specialists?

There are a few reasons on the basis of which you can trust a digital forensic team:

  • A team of exceptional digital forensics experts.
  • There are both big and small businesses in this sector, as well as public administration and health care.
  • There is a 24-hour emergency service available.
  • Continuous optimization and simplification of processes.

Can Reporting a Ransomware Attack Damage My Company’s Reputation?

How will telling people about an attack hurt your company's reputation, whether you use a ransomware repair service or do it yourself?

It is regrettable that any unauthorized access can cause your employees to lose faith in your company. You may be embarrassed if you suffer a ransomware attack on your network due to security flaws in your system. The first step towards recovery is to acknowledge it. Accept responsibility for your ransomware mishap.

You will be respected by your customers for being open-minded. If their information was decrypted, they'd want to know what you are doing to prevent it from happening again. Your personal information about the hacking incident won't be released to the public by the FBI.

The most common ways in which ransomware details leak are through internal document leaks or media outreach. An incident response strategy outlines how your organization will handle an assault.

Should Businesses Pay the Ransom When They Are Attacked by Ransomware? Is It Ethically Wrong?

The possibility of a major ransomware attack is almost unavoidable for organizations. If ransomware isn't found quickly, company information could be stolen, deleted, and put on sites that list businesses.

A corporation cannot secure its systems once it receives a ransom note. It has become a casualty of the attack. There is now a decision for the leaders to make: should they pay the ransom? Is this even permissible?

The Company’s Reasons for Paying the Ransom

There are many businesses that have paid ransoms to regain assets, although they will not admit it. The majority of companies would rather stay silent when it comes to data breaches. Thus, malicious attackers and targets are unable to negotiate freely.

Many businesses choose to pay ransom due to the annual increase in ransom payment amounts. Some of the common reasons are as follows:

  • Reduced recuperation time. Rather than risking a lengthy, expensive outage if asset recovery takes a long time, paying the ransom may be more prudent.
  • A negative impact on business. Despite the best efforts of a corporation, it can lose money, repute, and other things. If a company leaks data and then says it was hit by ransomware, it will hurt its reputation and the trust of its customers.
  • Extreme recovery expenses. Having paid a ransom is a commercial decision. Why would a company not take the risk when the cost of ransomware recovery exceeds the ransom demand?
  • To secure client or staff data. The privacy of customer and employee data is a sensitive issue for businesses. Cybercriminals often threaten to release the information of their victims in order to force companies to pay them.

Considerations on Why Corporations Should Refuse to Pay Ransoms

According to federal officials and industry experts, paying the ransom affects the sector more than it helps. Here are some reasons why paying might not be a wise choice for your company:

  • It inspires intruders. Hacker gangs can use the ransom money to launch more attacks once they receive the ransom money. There is a possibility that the victim companies may even be targeted again if the news gets out that they paid.
  • It raises payments. It is common for ransomware gangs to demand more money. Purchasing decryption keys is the first step, and preventing data leaks is the second.
  • Not all the data is returned. It is also unclear whether the hackers will restore the data. Whether the secret key will restore the data to its pre-attack state is unknown unless a company is willing to pay.
  • Future legal issues that might arise. If a firm pays the bill, it may face legal consequences. Ransomware attackers may be considered terrorists in some countries. They operate under the umbrella of terrorism.

Is It Ethical to Pay Ransomware Demands?

In the United States, paying the ransom is legal for now, but cybersecurity professionals advise business owners not to do so. According to the value of the assets, an organization may decide it must pay the ransom and that doing so is legal.

FBI agents have a greater understanding of the idea that businesses shouldn't pay ransom money. They say doing so only exacerbates the problem.

In some situations, it might be in a company's best interest to pay the ransom. But experts recommend telling the feds or the National Cybersecurity Agency. You can also report it to the Infrastructure Security Agency instead.

Why Is It Beneficial for Your Company to Disclose a Ransomware Attack?

Hackers around the globe must be arrested and punished immediately after a ransomware attack. But you may wonder what benefit it will have for your business right now. Several CISA alerts and bulletins provide insight into how ransomware works.

When you let people know about a ransomware attack, you help them develop guidelines.  You help them generate notifications about security problems, risks, and cybercrime. As a result of reports from ransomware victims, the above alerts have been compiled.

Possibly, a government agency could decode the files without contacting the terrorist organization. If you don't report it, you won't know. When you report ransomware, you usually get answers based on the volume of documents and minimal government assets you have.

As a result of infected networks, law enforcement can guide you on how to repair the damage. They can also give you tools to help you get rid of ransomware and get your files back. If you want to pay the ransom to an authorized party and have tried everything else to get your files back, you must follow a set reporting system.

How Do I Disclose Ransomware and to Whom Should I Notify It?

To have a better understanding of the advantages of informing the authorities about ransomware, let's go over how to do so. Often, people find it challenging to notify authorities of ransomware attacks because they are not sure where they should go.

First, obtain ransomware forensic data (including digital currency wallets, email addresses associated with threat actors, internet protocol addresses, etc.). The most effective way to preserve digital evidence is through a server picture. Cyber forensics can help you with this.

Necessary Precautions

To protect yourself from ransomware, take these precautions:

  • Invest in national cybersecurity insurance.
  • Create frequent backups of your data.
  • Update your software platforms with automatic updates on a regular basis.

Your employees can avoid falling victim to phishing scams by following these precautions:

Final Thoughts

When you become aware of a ransomware attack, contact law enforcement immediately. Ransomware is a criminal offense that must be reported to local police departments and the FBI. It is true that police departments cannot assist you in decrypting your files. But they can at least help others to avoid a horrible scenario by preventing it from occurring.

Share this

Related Articles

Learn the Three Rules of HIPAA: Essential Guidelines for Security and Privacy

Live Nation reveals data breach at its Ticketmaster subsidiary

Ascension hospitals investigating possible data breach after suspected cyberattack disrupts clinical operations