LOUISVILLE, Ky. - According to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center, Kentuckians lost over $9.3 million dollars because of cyber crimes in 2018. In June, Louisville’s Park DuValle Community Health Center paid a nearly $70,000 ransom in Bitcoin because of ransomware.
Ransomware is a cyberattack that essentially holds valuable digital files hostage and demands money to release them.
“The trends with ransomware are to exploit any common vulnerabilities in computer systems, regardless of what industry is using them, to try and get as many high dollar victims, as possible,” FBI Cyber Supervisory Special Agent Stephen Oakes told Spectrum News 1.
The FBI is the lead federal agency for investigating cyberattacks. Agent Oakes oversees a cyber squad at Kentucky’s FBI field office in Louisville that investigates both national security and cyber matters.
“We’re at the point now where it’s not so much an if but a when are you going to be hit with something like this,” said Agent Oakes.
While prevention is key, having a plan in place before a cyberattack occurs, such as ransomware, is critical. Agent Oakes said law enforcement should be a part of such plan so an organization is not trying to build a relationship with an agency after a cyberattack has taken place.
“Whomever you’re comfortable with, FBI, Secret Service, state and local police, so that if something does happen, you have someone to go ahead and call, and say, ‘this happened how do we start taking action against this,' " Agent Oakes explained.
For example, an organization can contact Kentucky’s FBI field office to have a conversation or even include the agency in tabletop exercises to talk through hypothetical situations.
“We can share the information that we have gathered through our investigations to help people through the process to give good advice based on what we have seen in the past,” Agent Oakes told Spectrum News 1. The tabletop also helps set expectations on both sides, as the FBI is not an incident responder and can’t fix a computer system in the event of a cyber-attack.
Another key prevention tip is to implement good user practices and also have consequences for those who repeatedly refuse to follow those rules. For example, one of the main ways a computer system can become infected is through phishing. That is when an email designed to look like it’s from a reputable source contains a malicious link, which can open up a network to ransomware or malware if clicked.
Agent Oakes also said that simply backing up critical or important information is not enough. One also has to make sure the backed up information can actually be restored in the event of an attack.
“I don’t think that ransomware is going anywhere so we’re going to have to learn how to deal with it,” Agent Oakes explained. “We’re going to have to just try to keep working and try to improve our technical abilities and skills and awareness. I think awareness is a huge part of it.”
If a person or organization believes they are a victim of any kind of cyberattack, a report can be filed online to the FBI’s Internet Crime Complaint Center.
To include the FBI in your organization’s cyberattack prevention plan, call Kentucky’s FBI field office at 502-263-6000 or email Louisville.Outreach@FBI.gov.