The Federal Bureau of Investigation has published a public service announcement warning that high-impact ransomware attacks are threatening U.S. businesses and organizations.

The PSA, published Wednesday, runs through what ransomware is and how it infects its victims. But where it gets interesting is in its advice to victims of ransomware attacks.

“The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data,” the PSA reads. “Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals.”

That said, the FBI took a conciliatory note to those businesses that do pay ransoms. “The FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” the PSA said.

Regardless of the decision whether to pay, the FBI urged all victims of ransomware to report the incidents to law enforcement. “Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks,” the PSA added.

The FBI PSA comes after countless ransomware attacks throughout 2019, the most recent targeting Alabama hospitals this week. Other notable ransomware attacks in recent times include hundreds of dentists, various Texas local governments, Louisiana schools and several cities in Florida.

Prior to today, the FBI’s post recent PSA in relation to cybersecurity was a warning posted June 10 about hackers exploiting secure websites in phishing campaigns.

Discussing some of the attack methods used by those behind ransomware attacks highlighted in the PSA, Chris Morales, head of security analytics at threat detection company Vectra AI Inc., noted that the FBI warning identifies the use of remote desktop port vulnerabilities, password brute force attacks or simply the acquisition of user names and passwords on ‘dark net’ marketplaces as methods of compromising RDP.

“The business value delivered by RDP will ensure its continued use and it will therefore continue to represent significant risk as an exposed attack surface,” Morales said. “Quite often remote access exists within organizations that is unknown to the IT staff, often by third-party vendors, or on legacy systems that cannot be patched.”

Morales added that though organizations must limit access to remote desktop management and use strong authentication, it’s not possible in every scenario. “For this reason, organizations must assume compromise is possible and focus on learning the who, what, where and when of remote desktop access,” he said.

Photo: J/Flickr