"Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher," the letter reads. "And if the first three months of this year are any indication, the number of ransomware incidents--and the ensuing damage they cause--will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance."Along with an increase in the number of ransomware attacks, the FBI has observed a corresponding increase in the sophistication of attack campaigns. Computer criminals traditionally relied solely on spam mail to send out most forms of malware. Now they are turning to more sophisticated means, including spear-phishing (or whaling) emails and exploit kit attacks that don't require user interaction.
"Paying a ransom doesn’t guarantee an organization that it will get its data back--we’ve seen cases where organizations never got a decryption key after having paid the ransom," explains FBI Cyber Division Assistant Director James Trainor. "Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals."Acknowledging those repercussions, the FBI urges organizations to develop a business continuity plan they can implement in the event of an attack and to invest in ransomware prevention. For some helpful ransomware prevention tips, please click here.