FBI seeks help in cyber extortion fight
The Federal Bureau of Investigation (FBI) is asking businesses and software security experts for emergency assistance in its investigation into a pernicious new type of "ransomware" virus used by hackers for extortion.
"We need your help!" the FBI said in a confidential "Flash" advisory that was dated 25 March and obtained by Reuters over the weekend.
Friday's FBI alert was focused on ransomware known as MSIL/Samas.A that the agency said seeks to encrypt data on entire networks, an alarming change because typically, ransomware has sought to encrypt data one computer at a time.
The plea asked recipients to immediately contact the FBI's CYWATCH cyber centre if they find evidence they have been attacked or have other information that might help in its investigation.
It is the latest in a series of FBI advisories and warnings from security researchers about new ransomware tools and techniques.
"This is basically becoming a national cyber emergency," said Ben Johnson, co-founder of Carbon Black, a cyber security firm that on Friday uncovered another type of ransomware that seeks to attack PCs through infected Microsoft Word documents.
The FBI first reported on MSIL/Samas.A in an 18 February alert that lacked the urgency of Friday's warning. The February message contained some technical details but did not call for help. It said MSIL/Samas.A targets servers running out-of-date versions of a type of business software known as JBOSS.
In its latest report, the FBI said investigators have since found that hackers are using a software tool dubbed JexBoss to automate discovery of vulnerable JBOSS systems and launch attacks, allowing them to remotely install ransomware on computers across the network.
The FBI provided a list of technical indicators to help companies determine if they were victims of such an attack.
"The FBI is distributing these indicators to enable network defence activities and reduce the risk of similar attacks in the future," the advisory said.
FBI representatives did not respond to requests for comment on the confidential warning.
The sectors hardest hit by ransomware include industries that rely on computer access for performing critical functions, such as healthcare and law enforcement. Publicly reported attacks in which hospitals and police have paid ransoms, then recovered data, has encouraged attackers to further target those groups, cyber security experts said.