
5-Minute Guide to Cyber Security - The FBI Recommended Protocol with a Ransomware Attack

November 07, 2025 · 6 min read

Intended Audience:

🎯 Business Owners, Corporate Officers, Managers & IT Professionals.

The FBI Definition of a Ransomware Attack

“A type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.”

More Specifics About Ransomware Attacks:

  • A ransomware attack is often introduced via e-mail phishing, or a more personalized email attempt called spear-phishing.

  • The hackers encrypt the data in a computer, or computer network, so it cannot be accessed by the regular users.

  • The attack may spread within a network, affecting shared drives or multiple systems.

  • After gaining access and encrypting the data, the cybercriminal imposes a ransom demand that, when met, will supposedly trigger them to provide a decryption key or restore access to the data.

  • The average ransomware demand on U.S. entities in 2025 was $3.5 million.

  • Under Title 18, U.S. Code § 1030, the FBI is the lead federal agency in the investigation of internet crimes.

Where Most Ransomware Attacks Originate From:

  • Russia: Large criminal cyber families appear to be operating with the approval of the Russian government as long as they don’t attack Russian-based entities.

  • Eastern Europe: Former Soviet bloc states like Belarus host underground Internet forums that advertise for ransomware clients.

  • China: The Chinese government supports both state-sponsored and independent groups that conduct activities based more on industrial espionage and denial of service rather than extensive ransomware attacks.

  • North Korea: Government-sponsored ransomware groups represent a big source of cash income for North Korea because of the massive economic sanctions imposed by Western governments.

  • Iran: These groups have primary goals of political or economic retaliation rather than true ransomware attacks.

  • U.S. Based: These are definitely minor players because of the high apprehension risk of trying to operate domestically.

Top-10 Organizations at Greatest Risk to Ransomware Attacks:

  1. Manufacturing & Industrial: The associated downtime costs from cyber attacks, including the potential for supply chain disruption, make them particularly vulnerable.

  2. Healthcare Entities: Are particularly vulnerable because they electronically store patient health & financial information that is required to be protected under federal law.

  3. Financial Services: Such as banks, credit unions & insurance companies, because they can store millions of financial & personal records.

  4. Government & Public Sector: Are often targeted not only because they store sensitive information but provide critical services to the public such as police & emergency responders.

  5. Energy & Utilities: Computer system disruptions with these entities can cause disruptions negatively affecting millions of people and creating high visibility by media reports.

  6. Transportation & Logistics: Disruptions of their computer systems can have negative implications on the various segments of the nation’s supply chain.

  7. Educational Entities: Can hold personal & financial information on students & staff members and sometimes operate older, inadequate cybersecurity programs.

  8. Technology & IT Services: Are like manufacturers and can ill afford lengthy system downtimes due to hacking.

  9. Professional Services: Such as law, accounting & engineering firms, which have systems that hold sensitive client data, contract information or valuable intellectual property.

  10. Retailing: Particularly larger retailing and e-commerce establishments that have massive systems holding millions of sensitive customer payment records, and because of their vulnerability to disruption of services.

Ransomware Attacks are a Serious Violation of Federal Law, more Specifically:

  • The Computer Fraud and Abuse Act (CFAA)

  • The Federal Extortion / Blackmail Statute

  • The Federal Wire Fraud Statute

  • Money Laundering Control Act

  • The Economic Espionage Act

  • The Trade Secrets Act

What the FBI Recommends Upon Discovering a Ransomware Attack:

  • Identify & Isolate: Upon discovery of the attack, immediately isolate the infected systems from the network to prevent the spread of the virus.

  • Document Evidence: Copy the ransom note, gather details on affected systems, and check for signs of data tampering.

  • Notify & Plan: Alert key personnel of the ransomware attack, to include your incident response team, management, legal counsel & the insurance carrier.

  • Secure Backups: Determine if your system backups are secure and capable of conducting a recovery.

  • Recover: Use your backups to restore systems after ensuring the threat is neutralized.

  • Consult & Report: Contact law enforcement (FBI/CISA) for possible decryption tools or assistance and file a report at IC3.gov.

The FBI Strongly Recommends that Victims of Ransomware Attacks Not Pay the Hacker Demands for the Following Reasons:

  • Only 60% of the corporate victims get their data back intact & uncorrupted.

  • Paying hackers only encourages them to continue their criminal activity.

  • Money paid to criminal hackers can be used to allow them to develop even more elaborate & sophisticated ransomware technology.

  • Hackers will often consider the organizations that paid their ransomware demands as “soft targets,” making them more likely to be attacked again.

FBI Recommended Top-10 Best Practices to Avoid Ransomware Attacks:

  • Maintain Strong & Segmented Backups: Encrypt the data & store off-line or on a separate cloud account.

  • Have Multi-Factor Authentication: Required for all system logons, email access & critical systems.

  • Update Computer Operating Systems And Software Regularly: By using automatic updates to avoid staff inattention or neglect.

  • Train Staff in Cyber Crime Threats: Particularly on common phishing & social engineering tactics & the reporting of suspicious emails.

  • Restrict and Monitor Computer System Access: By policies that ensure users only get access to what they need, & monitor for unusual user activities.

  • Develop & Implement a Cyber Incident Response Plan: That includes the tested protocols should the system be hacked or otherwise made unusable.

  • Monitor Network & Computer System Activities: Review network activity to include incoming communication.

  • Secure Remote Access: This is done through endpoint detection, activity logs & threat intelligence software.

  • Harden the Computer System & Network: Allow only IT-approved software to run on the system & block all suspicious IPs & domains.

  • Report Ransomware Activities Immediately to the FBI: This can be done by calling the nearest FBI field office, or by emailing the FBI Internet Crime Complaint Center at “ic3.gov”.

The Key Takeaway With Ransomware Attacks:

An organization’s best option is preparation & prevention rather than paying criminals for ransomware attacks.

About the Author:

Rob Brooks is the Loss Control Manager for Centurion Insurance Services in Charleston, West Virginia. He has over 40 years of experience in his profession, having worked for some of the leading insurance carriers and brokers. Rob has professional certifications in both human resource management (CHRS) and workers’ compensation (CWCP) from Michigan State University’s School of Human Resources & Labor Relations.

Disclaimer:

  • This publication is intended for general educational purposes only, and not to be considered as business, financial or legal advice.

  • Centurion Insurance Services and the writer make no guarantees or warranties of any kind, express or implied, about the reliability, completeness or suitability of the information contained herein.

  • Readers should consult with appropriate professionals before making any decisions based on the content of this newsletter.

  • We will not be liable for any losses or damages arising from the use of the information provided.