Slashdot Mirror

← Back to Stories (view on slashdot.org)

Victims Aren't Reporting Ransomware Attacks, FBI Report Concludes (bleepingcomputer.com)

Posted by msmash on from the what's-happening dept.

Catalin Cimpanu, writing for BleepingComputer: Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report (PDF), released yesterday by the FBI's Internet Crime Complaint Center (IC3). During 2016, FBI IC3 officials said they received only 2,673 complaints regarding ransomware incidents, which ranked ransomware as the 22nd most reported cyber-crime in the US, having caused just over $2.4 million in damages (ranked 25th). The numbers are ridiculously small compared to what happens in the real world, where ransomware is one of today's most prevalent cyber-threats, according to multiple reports from cyber-security companies.

11 of 87 comments (clear)

  1. Of course they aren't by Alan+Shutko · · Score: 2

    Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time.

    1. Re:Of course they aren't by Alan+Shutko · · Score: 3, Interesting

      How likely is it that they will catch the people who did it? And if they do, how likely is that to reduce the chances of someone else doing the same thing?

      If someone steals your car, you contact the cops because it's possible you'll get your car back. Even if not, it's sort of possible they'll find the car thief, because the city is only so big. But finding who put ransomware on your computer among billions of people all over the world?

      Again, there's nothing in it for the victim.

    2. Re:Of course they aren't by geekmux · · Score: 2

      Law enforcement isn't going to do anything to help you about ransomware hitting your computer. For the victim, it's a waste of time.

      Ever consider the possibility that the cybercrime division actually could help by guiding an unknowing victim to available solutions to recover data instead of them blindly assuming all is lost and prematurely formatting hard drives?

      Let's not act like ransomware key recovery is some mythical event that's never happened before, or assume that every victim is aware of its existence.

    3. Re:Of course they aren't by ShanghaiBill · · Score: 3, Interesting

      Ever consider the possibility that the cybercrime division actually could help

      No. I was actually involved in a criminal case involving the FBI's cybercrime unit, and I would not even consider the possibility that they could figure out how to turn a computer on. I never met a group of more clueless people. The guy leading the investigation had been a history major in college, and had made no effort whatsoever to learn anything about technology. His subordinates were even dumber.

      Disclaimer: I was not the target of the investigation. The FBI contacted me because I had previously won a civil suit against the perp, and knew a lot about his business practices.

    4. Re:Of course they aren't by Holi · · Score: 2

      It's more that for you to make an insurance claim you must have a police report. Your most likely not getting the car back unless it was just some joyriders.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  2. What should I report? by TechyImmigrant · · Score: 3, Insightful

    I get on the order of 50,000 attack probes every day. Should I be cataloging and report each one to the FBI?

    What makes a ransomware attack a special snowflake attack that needs reporting compared to spyware or bot install attempts?

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Re:Big surprise: by ShanghaiBill · · Score: 5, Insightful

    Or they know that government agencies will provide zero help in solving their problem.

  4. Re:Big surprise: by geekmux · · Score: 2

    Companies don't want outsiders to know that they have incompetent users working for them...

    FTFY, since it's no secret who is responsible for infections 99.99% of the time.

  5. $ransom bad publicity ? by moeinvt · · Score: 3, Interesting

    If you file a report, is the FBI under any obligation to keep it confidential? I wouldn't trust them to stay quiet even if that was their official policy. Those guys who leaked the "Orange is the New Black" episodes somehow learned that the studio had called the FBI, after being warned not to, and punished them for doing it, even though they paid the ransom.

    I read one paper by a security expert and he said that big banks in Europe and N. America have been doing this for years. Eat the losses from computer crime as a cost of doing business rather than risk damage to their reputation by reporting that someone had broken into their customer's accounts.

    I'm sure a lot of other companies would rather pay up than endure the bad publicity which would come from word getting out that "Company X was hacked".

  6. Why would I convict myself? by medv4380 · · Score: 2

    Ransom laws get sticky so why should I report when paying them may or may not be illegal. If I report and it happens that paying the ransom is illegal then the ransom can't be paid and the FBI is slowing down recovery. If I pay the ransom to fix the problem but then report it I might get in trouble so why bother? On the other hand, If I just restore the backups I've also destroyed the evidence so Why would I report the problem?

  7. Re:Big surprise: by Zero__Kelvin · · Score: 2

    $300 is $300 not $0.10

    It is immaterial what they cost originally. It is pretty evident you have no understanding of wealth and money. Most rich people became rich and / or stay rich because they don't look at it the way you claim you do.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun