Hit by ransomware? Here's what the FBI says you should do

After at least 23 Texas towns were hit by a “coordinated” ransomware attack last month, Gov. Greg Abbott ordered an “escalated response” and the state’s Department of Information Resources stepped in to work with the affected groups.

But what happens if cybercriminals target your personal computer or business with ransomware? FBI officials said in a recent podcast that victims of ransomware should not pay the ransom.

Ransomware is a type of malware that encrypts the information on a computer. It’s spread through spam emails and malicious websites. When a user tries to use the computer, they receive a message demanding payment to unlock it.

But paying up is no guarantee that the crook will unlock the computer, according to Herbert Stapleton, the FBI’s Cyber Section chief. In one case, he said the “bad actors” took the money and provided a key to unlock the victim company’s data. But instead, the key actually erased all the data.

“These are fairly rare instances, but the risk is there,” Stapleton said on the podcast.

There were more than 1,400 victims of ransomware with losses of $3.6 million, not including costs like lost businesses, wages or time, according to the FBI. But officials said that figure only represents a small fraction of the incidents, as many victims don’t report the attacks.

Paying the people who spread ransomware also just encourages them to continue, according to Stapleton.

“They basically will continue to attack as long as it’s profitable for them,” he said. “So, continuing to contribute to that profitability just encourages more ransomware attempts.”

Instead of paying, the best thing to do is to contact the FBI and report the cyberattack as soon as possible, FBI spokesperson Mollie Halpern said. Victims of crimes like ransomware attacks can report it to the FBI’s Internet Crime Complaint Center online.

In Texas, officials didn’t disclose which agencies or jurisdictions were targeted by the ransomware attack. But government agencies appear to be popular targets for cybercriminals. Earlier this year, officials in Baltimore said a ransomware attack crippled its computer systems and cost the city millions as hackers demanded a payment of $76,000 in bitcoin.


Officials in the small Florida town of Riviera Beach voted to have its insurer pay nearly $600,000 in bitcoin after hackers paralyzed its computers. In Georgia, Jackson County officials said they paid hackers nearly $400,000 to stop an attack that had left the sheriff’s office filling out paperwork on paper instead of on a computer.

“One of the reasons they can extract such large ransoms is they often target entities whose data is either a critical part of their business or that entity provides critical services, like emergency services,” Stapleton said. “So a police department is a really good example of that. If a police department can’t access the necessary data and systems they have, then there is a potential public safety risk. And so, as a result, the criminals have found that, often, these entities are willing to pay high ransoms to get their data back.”