FBI Issues Warning for Ransomware Malware

The Federal Bureau of Investigation is warning all businesses about the risks of “ransomware.” Ransomware is malware – a malicious program embedded inside of a message or web page. The message may come in the form of an innocuous message directed towards a specific person in the organization, such as a controller, accountant, or risk manager. The message typically includes an attachment, like document (.pdf), text file (.txt), or spreadsheet (.xls) that appears legitimate, such as a bill or a letter. Alternatively, the message may direct the user to a website that appears valid. When the user opens the attachment or goes to the website, the malicious program encrypts – that is, hides – files and folders containing the user’s information and data. The person or organization who sent the message then contacts the user and demands a ransom – money for the return of the information and data.

There has been an increase in the number of ransomware attacks. The FBI does not advocate paying a ransom for the return of data. The FBI has set up a Cyber Task Force to assist in the event of a ransomware attack (www.fbi.gov/contact-us/field). The FBI recommends employee training, keeping all operating systems, software, and antivirus/malware protection systems up to date, and maintaining robust file access privileges across an organization.

If a health care provider, covered entity, or business associate is hit with a ransomware attack, there may be additional reporting requirements under HIPAA, depending on the circumstances. Remember, many insurance policies provide data breach services that include assistance with reporting and remediation.

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Print this pageEmail this to someone