How to Report Ransomware Crimes to the FBI (4 Easy Steps) [Updated]

Editor's note: This post was originally published on April 24, 2018 and has been revised for clarity and comprehensiveness. 

Step 1: Contact the FBI & Internet Crime Complaint Center (IC3).

If the loss of your files would incapacitate your business, it may be tempting to pay the ransom to get those files back.

Unfortunately, even if you choose to pay the ransom, there's no guarantee that you'll get your files back. According to the FBI, some organizations are never provided with decryption keys after paying a ransom.

Worse, the criminals may use your money to create more effective versions of their ransomware to use on future victims.

Step 2: Submit a detailed complaint. 

To assist in the FBI's investigation, you'll need to provide as much evidence as possible about the ransomware attack.  

They’ll ask for the following details about the attack:  

a) Date of the incident 

The date of occurrence is crucial when establishing the severity of the infection.   

b) Ransomware variant 

The ransomware variant is often identified on the ransom page or sometimes in the encrypted file extension. In some cases, the hacker will leave a calling card detailing who they are or what syndicate they’re part of.   

c) Company information 

The FBI will ask for information about your company, including your business's industry type and size.   

d) Infection details 

If you know how the infection started, you must inform the authorities. The most common ways ransomware gets downloaded are through phishing emails, infected portable devices like flash drives, and malicious ads. 

e) Ransom amount demanded 

Do not wire any money to cyber criminals as much as possible - whether they ask for it in dollars or in bitcoin. 

RELATED: 3 Reasons Why You Shouldn’t Pay Ransomware Demands 

f) Total overall loss amount 

How much will this ransomware attack cost your business? By providing the amount, you will also have an official record you can show your cyber insurance company. 

g) A victim impact statement  

Lastly, you’ll be expected to describe how the crime has affected your business financially and operationally. 

Step 3: Cooperate with the FBI & other involved government agencies. 

Once you've reported the ransomware attack to the FBI, you must cooperate with their investigation. This may include providing additional information or evidence as requested by the FBI. It's important to be transparent and truthful in your communication to help them investigate the attack thoroughly. 

If there are any ransom notes or emails from the attackers, screenshots of any error messages or pop-ups, and any other relevant information, submit these, too. Do not remove the ransomware until you’ve reported it to the IC3, your cybersecurity expert, and your cyber insurance company. 

Step 4: Protect against future attacks. 

Reporting a ransomware incident to the FBI is just one step in protecting your business against ransomware attacks. It's essential to take proactive measures to secure your systems and data against future threats. This may include: 

a) Regularly backing up your data 

Regularly backing up your data can help you recover quickly from a ransomware attack without paying a ransom. 

b) Updating software and security systems 

Keeping your software and security systems up to date can help prevent vulnerabilities that hackers can exploit. 

c) Educating employees 

Educating your employees on how to identify and prevent ransomware attacks can be an effective way to reduce the risk of an attack. 

d) Implementing Multi-Factor Authentication (MFA) 

Implementing multi-factor authentication can make it more difficult for hackers to gain access to your systems and data. 

Why report a ransomware crime to the FBI? 

If your business is a victim of ransomware, report the crime to the FBI as soon as possible. 

While the IC3 does not prosecute cybercriminals, it evaluates the severity of your case and forwards it to the relevant law enforcement and regulatory offices. 

Reporting a ransomware crime to the FBI will:  

1. Help the FBI investigate and stop the attackers. 

Reporting the ransomware attack to the FBI can provide critical information to help them track down the hackers responsible for the attack. 

2. Identify patterns and trends. 

The FBI collects data on ransomware attacks, which can help them identify patterns and trends that can be used to prevent future attacks. 

3. Support in data recovery. 

Reporting a ransomware attack to the FBI can also help victims in their recovery efforts by providing information on best practices for data recovery and securing their systems against future threats. 

Ready to prevent ransomware attacks? 

Remember: ransomware attacks are a severe threat to businesses, and reporting them to the FBI is essential in prevention and future recovery.   

By following the steps outlined in this article and taking proactive measures to secure your systems and data, you can reduce the risk of falling victim to a ransomware attack.  

We understand how difficult it can be to add another thing to your ransomware recovery and prevention list. However, as a long-time provider of cybersecurity services, we’ve seen how crucial it is for our clients to have a thorough cybersecurity plan.  

To find more information about cybersecurity for your organization, download our eBook, 3 Types of Cybersecurity Solutions Your Business Must Have, or check out these other resources:  

• Easy Ways to Protect Your Small Business from Ransomware 
• Cost of Cybersecurity (Factors to Consider) 
• Outsourced or In-House Cybersecurity: What are the Pros and Cons? 

However, if you want company-specific advice, request a free cybersecurity assessment from our expert cybersecurity team.