If your company was hit with ransomware, you might be wondering if you should contact the FBI after a ransomware attack, or other law enforcement. The quick answer is mostly yes, but with important caveats to consider. Because of the potential implications of public disclosure, you should consult legal counsel familiar with cybersecurity cases prior to reporting the event. The specialized lawyers are typically called cyber breach counsel, or breach counsel for short. If you have cyber breach insurance, you can expect to have two types of counsel involved, the insurance company’s counsel and your own breach counsel. If you are not instructed to get counsel, you should seriously consider doing so at your own expense for reasons covered below.

Most victims of ransomware are not only aghast, but also super stressed out, over what has happened to them. The ransomware attack likely has put them out of business for at least the near term, and in many cases, recovery is uncertain. Ransomware victims universally feel violated, and rightfully so. The information below will help empower you in many ways during the ransomware recovery process. With the added confidence, you will be able to make more rational decisions and fewer potentially irrevocable mistakes.

So, Should I Contact the FBI after a Ransomware Attack?

A ransomware attack is a serious crime. Many victims’ first inclination after they have considered their recovery options, is to report the crime to law enforcement. But before reporting your case, consider the below:

1. The FBI and other law enforcement are completely overwhelmed by reports of ransomware. There are at least 1,000 cyber breach attorneys in the US, some take on two or three cases per week. Most ransomware attacks don’t even involve a cyber breach lawyer. It is estimated that a victim falls prey to a ransomware and/or extortion attack every 11 seconds. It is possible that many days there are hundreds of attacks, even more on weekends and holidays when ransomware and other extortion gangs prefer to attack. The bottom line is, in our experience, the FBI and other agencies are less than 50% likely to call you back unless you are a high-profile victim. Law enforcement agencies of all types are simply overwhelmed with case load. They are more focused on taking down the ransomware gang over working with individual victims.

2. You are only likely to have your case picked up if you are an entity of critical national importance, such as an energy company, large food producer, hospital, public utility, large school or a similar entity. For the most part, everyone else is ignored. But even in these scenarios, the FBI is more focused on conducting an investigation rather than helping you recover from the crime.

3. You can improve your chances of getting investigative attention from law enforcement if you have contacts like some of the cybersecurity professionals we employ at Alvaka Networks. These Alvaka professionals have long standing relationships with law enforcement and civilian advisory groups. They are members of groups like the FBI’s Infragard, US Secret Service’s Los Angeles Cyber Fraud Task Force, The Orange County Homeland Security Advisory Group, and others. Sometimes when your situation is examined, an argument can be made to pick up your case. However, even when you are successful in getting your case picked up, it is rare that charges are filed, and even less rare that you see a conviction. It can be worth some personal satisfaction that your case is being handled, but it regretfully won’t change the outcome much. Ransomware gangs are almost always in places they can’t be touched, like Russia, Ukraine, China, North Korea, and Iran.

4. You need to seriously consider whether you want to even report your case to law enforcement. There are serious potential civil, regulatory, and other legal considerations. At minimum, you should have an initial discussion with breach counsel. Even if you are unsure about your decision to hire one, they often change victims’ minds. Reporting can put your case out in the public domain for everyone to know. If you are attacked by ransomware, people will know that it is quite likely sensitive information was compromised. Those people will start wondering how they are impacted by the risk implications. Depending upon what happened, that might create legal liability for you. It might be better to keep the situation quiet and let the attorney direct the hiring of anyone you use to assist in the recovery. That way, any work they do has a chance of being considered privileged attorney work product. If someone decides to sue you, you may have attorney/client privilege to protect you. If under privilege, your cybersecurity professionals will be far less likely to divulge what happened unless ordered by a court. Without privilege, they may be forced to talk with a plaintiff attorney who will seek to use that information against you while claiming you were negligent in the protections you applied to your systems.

5. Cyber breach attorneys and insurers (if you are lucky enough to have coverage) will also bring an outstanding process to your ransomware recovery.

6. Lastly, engaging seasoned ransomware response professionals can be crucial in minimizing damage incurred. Here is a link of companies you should consider assisting you with a ransomware recovery: The Best Ransomware Removal Service Companies. Of course, Alvaka is one of the companies listed there, but all the firms are good.

If you have a current emergency, even if it is 2 AM on Sunday, Alvaka is staffed 24 hours a day in the U.S. to respond to your urgent needs. Call us at (949) 428-5001 and your call will get answered by our Network Operations Center (NOC). Our NOC engineers are instructed to ask you a specific set of questions and then connect you directly with one of our ransomware case managers, no matter the time of day or night!

Key Words:

Cyber Breach Counsel: Specialized lawyers or team of legal experts who specialize in providing advice, guidance, and legal services related to cybersecurity breaches.

Cyber Breach Insurance: A type of insurance policy designed to help organizations mitigate the financial losses and liabilities associated with cybersecurity incidents and data breaches. Cyber breach insurance typically provides coverage for various aspects of a cybersecurity incident, including: Data breach response costs, data recovery & restoration, legal & regulatory costs, business interruption, extortion & ransom payments, cyber liability, cybercrime coverage, and public relations & reputation management.

Cyber Breach Lawyer: An attorney who specializes in legal matters related to cybersecurity incidents and data breaches. These legal professionals focus on helping individuals and organizations navigate the complex legal and regulatory landscape associated with cybersecurity and data privacy.

FBI’s Infragard: A public-private partnership program in the United States that focuses on critical infrastructure protection and information sharing related to cybersecurity threats and other security issues. It is coordinated by the Federal Bureau of Investigation (FBI) and involves collaboration between federal law enforcement agencies, private sector organizations, academic institutions, and state and local government agencies. The primary goal of InfraGard is to enhance the protection and resilience of critical infrastructure sectors, such as energy, transportation, finance, healthcare, and telecommunications, against various threats, including cyberattacks, terrorism, and other security risks.

US Secret Service’s Los Angeles Cyber Fraud Task Force: A specialized law enforcement unit that focuses on investigating cybercrimes and fraud-related offenses in the Los Angeles area. The U.S. Secret Service, primarily known for its protective mission, also has a significant role in combating financial and electronic crimes, particularly those involving counterfeiting, financial fraud, and cybercrime.

Click HERE to more about our Ransomware Prevention and Recovery Services! We are available 24×7 to assist you with any of your ransomware needs.

ransomware resources
Contact Alvaka