How To Report Ransomware To Authorities
If you have been hit by a ransomware attack, it is critical to report the incident to law enforcement. This page provides insights and resources on how to report ransomware to authorities in your relevant jurisdiction.
Should I report a ransomware attack?
You might be skeptical of why you should report a ransomware attack to authorities. By reporting a ransomware attack to authorities, you can provide law enforcement agencies with critical data to track cyber crime and prosecute the perpetrators.
Unfortunately, many ransomware attacks go unreported. In 2019, the FBI’s Internet Crime Complaint Center (IC3) received 2,047 complaints identified as ransomware, but this is only a fraction of the estimated number of ransomware attacks that occurred.
Help stop the spread of ransomware and report your attack today!
How to report a ransomware attack
Each country may require different information when reporting a ransomware attack.
While most internal IT staff can gather relevant information for law enforcement, a digital forensic examiner can obtain a triage of forensic artifacts on the targeted system. We can help you with this if needed.
Be prepared to provide as much information as possible, including:
- Your organization’s information (industry, business type, size) and best point of contact
- Approximate date and time of the ransomware attack
- How the attack occurred (via email link or attachment, internet browsing etc.)
- A copy or photo of the ransom demand note or splash screen
- Name of the ransomware variant (usually included in the ransom note or encrypted file)
- Any relevant IP addresses that connected to your network that you do not recognize
- The file extension of encrypted files
- Email address, URL or any other communication method provided by the threat actor
- Electronic copies of any communication you have had with the threat actor (if applicable)
- Threat actor’s bitcoin wallet address (typically identified on the ransom page)
- Ransom amount demanded and ransom amount paid (if any)
- Overall losses associated with the ransomware attack including ransom amount
If you need assistance finding any of this information or need ransomware recovery services, contact one of our ransomware recovery experts today!
To report your ransomware attack, please select your residing country below.
We hope this page was helpful to report your ransomware incident to the appropriate authorities. If you require further assistance remediating your ransomware incident, or would like proactive ransomware services, our experts are here to help you.
There are three common ways ransomware attacks happen:
- Open RDP ports: Remote Desktop Protocol (RDP) is an access portal that allows a user or administrator to connect to your computer from another location.
- Phishing emails: emails containing malware or malicious links that install a ransomware program on the computer when clicked
- Exploit kits: advanced malware tool that allows cyber criminals to target victims through security gaps in well-known software and hardware from popular technology manufacturers
There are four common methods to recover files from a ransomware attack:
- Recover files with a backup: Find out if any data backup is in place to recover files from off-site or offline backup, Window Shadow Copies and on-site backups
- Recreate the data: Utilize any available paper copies, email exchanges and attachments and database mining practices to recreate the encrypted data
- Break the ransomware encryption: Unfortunately, many ransomware encryptions are unbreakable, but you should always contact a ransomware recovery service to determine if there is a decrypter available for your particular variant.
- Pay the ransom to decrypt ransomware files: If the encryption is too strong, sometimes the only way to obtain the decryption key for your files is to pay the ransom.
In the United States, it is legal to engage with ransomware operators and pay ransomware with cryptocurrency. The FBI does not encourage paying ransom, however, they do acknowledge paying the ransom as a last resort option to be considered. Our guide in the pros and cons of paying ransomware highlights the various outcomes of these situations.
Pros of paying the ransom:
- Recover Encrypted Files
- Quicker Recovery
- Save Money
Cons of paying the ransom:
- Bad Working Decrypter
- Further Attacks May Occur
- The Ethical Dilemma of Funding Cyber Crime Economy
Following a ransomware attack, it is important you take the necessary steps to secure your network and avoid being victimized again. The National Institute of Standards and Technology (NIST) recommends using 4-step process of continuous incident response activities including:
- Detection and Analysis
- Containment, Eradication and Recovery
- Post-Incident Activity