If your company was hit with ransomware, you might be wondering whether you should contact the FBI or other law enforcement after the attack. The quick answer is mostly yes, but with important caveats to consider. Because of the potential implications of public disclosure, you should consult legal counsel familiar with cybersecurity cases prior to reporting the event. These specialized lawyers are typically called cyber breach counsel, or breach counsel for short. If you have cyber breach insurance, you can expect to have two types of counsel involved: the insurance company’s counsel and your own breach counsel. If you are not instructed to get counsel, you should seriously consider doing so at your own expense for reasons covered below.
Most victims of ransomware are not only aghast, but also super stressed out, over what has happened to them. The ransomware attack likely has put them out of business for at least the near term, and in many cases, recovery is uncertain. Ransomware victims universally feel violated, and rightfully so. The information below will help empower you in many ways during the ransomware recovery process. With the added confidence, you will be able to make more rational decisions and fewer potentially irrevocable mistakes.
So, Should I Contact the FBI after a Ransomware Attack?
A ransomware attack is a serious crime. Many victims’ first inclination, after they have considered their recovery options, is to report the crime to law enforcement. But before reporting your case, consider the following:
1. The FBI and other law enforcement are completely overwhelmed by reports of ransomware. There are at least 1,000 cyber breach attorneys in the US, and some take on two or three cases per week. Most ransomware attacks don’t even involve a cyber breach lawyer. It is estimated that a victim falls prey to a ransomware and/or extortion attack every 11 seconds. It is possible that on many days there are hundreds of attacks, and even more on weekends and holidays, when ransomware and other extortion gangs prefer to attack. The bottom line is that, in our experience, the FBI and other agencies are less than 50% likely to call you back unless you are a high-profile victim.
2. You are only likely to have your case picked up if you are an entity of critical national importance, such as an energy company, large food producer, hospital, public utility, large school or a similar entity. For the most part, everyone else is ignored.
3. You can improve your chances of getting investigative attention from law enforcement if you have contacts like some of the cybersecurity professionals we employ at Alvaka Networks. These Alvaka professionals have long-standing relationships with law enforcement and civilian advisory groups. They are members of groups like the FBI’s InfraGard, US Secret Service’s Los Angeles Cyber Fraud Task Force, The Orange County Homeland Security Advisory Group, and others. Sometimes when your situation is examined, an argument can be made to pick up your case. However, even when you are successful in getting your case picked up, it is rare that charges are filed, and even rarer that you see a conviction. It can be worth some personal satisfaction that your case is being handled, but it regretfully won’t change the outcome much. Ransomware gangs are almost always in places where they can’t be touched, like Russia, Ukraine, China, North Korea, and Iran.
4. You need to seriously consider whether you want to even report your case to law enforcement. There are serious potential civil, regulatory, and other legal considerations. At minimum, you should have an initial discussion with breach counsel. Even if you are unsure about your decision to hire one, they often change victims’ minds. Reporting can put your case out in the public domain for everyone to know. If you are attacked by ransomware, people will know that it is quite likely sensitive information was compromised. Those people will start wondering how they are impacted by the risk implications. Depending upon what happened, that might create legal liability for you. It might be better to keep the situation quiet and let the attorney direct the hiring of anyone you use to assist in the recovery. That way, any work they do has a chance of being considered privileged attorney work product. If someone decides to sue you, you may have attorney-client privilege to protect you. If under privilege, your cybersecurity professionals will be far less likely to divulge what happened unless ordered by a court. Without privilege, they may be forced to talk with a plaintiff’s attorney who will seek to use that information against you while claiming you were negligent in the protections you applied to your systems.
5. Cyber breach attorneys and insurers (if you are lucky enough to have coverage) will also bring an outstanding process to your ransomware recovery.
- Here is a link to some recommended cyber breach lawyers: Ransomware and Cyber Breach Law Firms & Lawyers.
- The following articles make the case for cyber breach insurance for future consideration: Top 5 Reasons to Buy Cyber Breach Insurance and How Much Cyber Breach Insurance Do I Need? The second link also includes a Ransomware Recovery Cost Calculator that can give you a general idea of how much a ransomware attack will cost you.
6. Lastly, engaging seasoned ransomware response professionals can be crucial in minimizing the damage incurred. Here is a link to companies you should consider to assist you with a ransomware recovery: The Best Ransomware Removal Service Companies. Of course, Alvaka is one of the companies listed there, but all the firms are good.
If you have a current emergency, even if it is 2 AM on Sunday, Alvaka is staffed 24 hours a day in the U.S. to respond to your urgent needs. Call us at (949) 428-5001 and your call will get answered by our Network Operations Center (NOC). Our NOC engineers are instructed to ask you a specific set of questions and then connect you directly with one of our ransomware case managers, no matter the time of day or night!