FBI Warns Small Businesses: Ransomware is a Growing Threat

Most people hear about the big cases - the hospital in Los Angeles who discovered that their system had been broken into, their records encrypted, and if they didn't pay a ransom, it would all be erased.

Attacks like that are usually linked to an organized group of hackers.

What most people don't hear about is the attack on a small business, with not too many employees. A business just out there in the community.

In California last year, nearly 35,000 victims suffered nearly $200 million in losses because of cybercrime, according to the FBI. California had almost double the number of victims as the second most state - Florida.

The loss suffered by California victims - $195,490,403 - is more than double than the loss suffered by the second most state, again - Florida.

"Most of those people don't want anyone to know they had been a victim," George Chamberlain, the FBI Supervisory Special Agent who heads the Oregon Cyber Task Force, tells Patch.

"The best way to stop a cyber-attack is through preparedness and prevention," Chamberlain says. "It's important to know what to look for, when to be suspicious of an email that might be a phishing attack."

The FBI says that a survey done in 2015 found that eight in ten small businesses did not have a cyber-attack response plan.

The Bureau's Internet Crime Complaint Center (IC3) says that the most common cyber attack comes in the form of business email compromise or what they call CEO Fraud.

A hacker will pose as business executives at companies that regularly perform wire transfers. After compromising the executive’s email, the actor requests employees to perform wire transfers to the bad actor’s account. IC3 has tracked more than $3 billion of losses worldwide to this kind of fraud.

From January 2015 to June 2016, this kind of fraud increased by 1,300%.

Another form of extortion, the bureau says, is ransomware - when an outside hacker takes control of a business's system, denying them the ability to access their data.

There is even internet extortion where a cyber criminal hacks or threatens to hack a system and demands a ransom.

One Oregon business was told by a hacker group if they didn't pay 50 bitcoin - about $30,000 - they would shut down their system.

"Malware has become so common, so easy to acquire that attackers can run the gamut from organized gangs overseas to someone sitting at home who knows the right website to go to," Chamberlain says.

"One of the most important things we do is to make sure people know that there are steps they can take to protect themselves."

Many of the FBI's field offices are offering seminars on cybercrime and protecting your small business. The bureau also maintains two websites with more information.

Cyber Task Force (CTF)

www.fbi.gov/contact-us/field

The FBI Cyber Division has established CTFs in each of the FBI’s 56 field offices. CTFs are staffed with cy-
bersecurity professionals who respond to cyber incidents, conduct victim-based investigations, and collect
malware signatures and other actionable intelligence. FBI Headquarters works directly with CTFs to build a
strategic picture of cyber threats, attribute attacks, plan operations, and disseminate timely threat information to victims and private partners.

Internet Crime Complaint Center (IC3)

www.ic3.gov

IC3 provides the public with an online reporting mechanism for suspected internet-facilitated crime, including intellectual property theft and online fraud. Complaints are processed and sent to relevant U.S. Government agencies for follow-up action and intelligence collection.

Photo via Shutterstock