The FBI is setting the record straight on ransomware, warning users they shouldn’t believe sudden pop-ups on their screen that demand a fine be paid for breaking the law, even if it allegedly comes from the FBI.

In an article on its blog, the FBI said ransomware is increasing even as cybercriminals change tactics. Traditionally, malware distributed via spam email was an easy way for attackers to take over a computer system in return for payment. However, a more popular “drive-by” approach that embeds malicious code into a website or pop-up window is now being used. The intended victims are also expanding beyond consumers to businesses and from desktops to mobile phones, the FBI added.

The FBI isn’t the only group noting a rise in ransomware. Security firm Lookout’s recently released Mobile Threat Report shows distinct trends in not only the types of malware typically aimed at smartphones — such as ScarePakage and ScareMeNot — but the countries targeted, which include the United Kingdom, Germany and the United States. Those forced to pay were typically meeting demands of between $300 and $500, the report added.

A story on Dark Reading suggested ransomware on mobile devices may be a sign that those creating it are becoming more sophisticated and mature in their methods, in much the same way computer viruses shifted from desktops to other form factors. What is consistent with nearly all forms of hacking attempts is the social engineering aspect, where those doing the blackmailing pretend to be the FBI or other law enforcement officials.

What may make matters worse, at least for some consumers, is that paying cybercriminals may also require them to become more familiar with the latest in cryptocurrencies. The FBI report said bitcoin is becoming a popular way to collect money from victims. This was backed up by recent reports in SC Magazine of a new variant on Curve-Tor-Bitcoin Locker, which is being used by cybercriminals to charge computer users the equivalent of nearly $1,800 to set their device free.

As a piece in The Economist explained, bitcoin is a natural fit for cybercriminals because it is far more anonymous than demanding payments through debit systems or bank accounts, which can be more easily tracked. Meanwhile, the code involved seems to undergo a nearly constant metamorphosis, requiring even experienced security researchers to work overtime to keep up.

Hopefully, consumers will pay attention to the FBI’s warning and corporations will spread the news to their employees. Education on this topic cannot happen fast enough. At the very least, it needs to spread more quickly than most types of ransomware.

More from

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.For this reason, 75% of organizations seek to…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…