FBI issues ransomware alert, requests help from U.S. businesses

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski

Editor’s Note: In May 2011, the Wall Street Journal published an article titled “Pentagon: Cyber Attacks Can Count as Acts of War.” The article began, “The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.”

(Reuters) – The FBI is asking businesses and software security experts for emergency assistance in its investigation into a pernicious new type of “ransomware” virus used by hackers for extortion.

“We need your help!” the Federal Bureau of Investigation said in a confidential “Flash” advisory that was dated March 25 and obtained by Reuters over the weekend.

Ransomware is malicious software that encrypts a victim’s data so they cannot gain access to it on their computers, then offers to unlock the system in exchange for payment.

Friday’s FBI alert was focused on ransomware known as MSIL/Samas.A that the agency said seeks to encrypt data on entire networks, an alarming change because typically, ransomware has sought to encrypt data one computer at a time.

The plea asked recipients to immediately contact the FBI’s CYWATCH cyber center if they find evidence that they have been attacked or have other information that might help in its investigation.

It is the latest in a series of FBI advisories and warnings from security researchers about new ransomware tools and techniques.

“This is basically becoming a national cyber emergency,” said Ben Johnson, co-founder of Carbon Black, a cyber security firm that on Friday uncovered another type of ransomware that seeks to attack PCs through infected Microsoft Word documents.

The FBI first reported on MSIL/Samas.A in a Feb. 18 alert that lacked the urgency of Friday’s warning. The February message contained some technical details but did not call for help. It said that MSIL/Samas.A targets servers running out-of-date versions of a type of business software known as JBOSS.

In its latest report, the FBI said that investigators have since found that hackers are using a software tool dubbed JexBoss to automate discovery of vulnerable JBOSS systems and launch attacks, allowing them to remotely install ransomware on computers across the network.

The FBI provided a list of technical indicators to help companies determine if they were victims of such an attack.

“The FBI is distributing these indicators to enable network defense activities and reduce the risk of similar attacks in the future,” the advisory said.

FBI representatives did not respond to requests for comment on the confidential warning.

The sectors hardest hit by ransomware include industries that rely on computer access for performing critical functions, such as healthcare and law enforcement. Publicly reported attacks in which hospitals and police have paid ransoms, then recovered data, have encouraged attackers to further target those groups, cyber security experts said.

(Reporting by Jim Finkle; editing by Grant McCool)
