In a confidential “Flash” advisory dated March 26 sent as an alert to businesses and software security experts by the FBI, the Bureau is seeking help from U.S. businesses in the fight against cyber extortion.
The advisory screamed “We need your help!” as reported by Reuters who obtained the confidential alert put out by the FBI on March 25.
The FBI alert from Friday was seeking the assistance of white hat hackers, software security experts and businesses for emergency assistance in the Bureau’s investigation into a new type of ransomware known as MSIL/Samas.A.
The alert was sent out as a plea asking its recipients to contact the FBI immediately in the event of finding any evidence related to the ransomware if they have been targeted via phishing campaigns or even attacked.
Notably, the new strain of ransomware seeks to encrypt data on entire networks instead of typically targeting individual computers, which is usually known to be of the norm with ransomware strains.
Recipients of the alert are advised to contact the FBI’s CYWATCH cyber center to provide any evidence of the strain in order to help the FBI’s investigation.
The strain was first reported by the FBI on Feb 18 in an alert that contained some technical details about MSIL/Samas.A but did not seek any help at the time. The publication reported that the ransomware strain targets entire farms of servers running outdated versions of JBOSS, a business software.
In its alert, the FBI revealed that its investigators have discovered that hackers are using a software tool dubbed JexBoss in order to automate discovery of the vulnerable JBOSS systems. Once discovered, the vulnerable systems are targeted and attacked by remotely installing ransomware onto computers on the susceptible network.
The advisory, according to Reuters, stated:
The FBI is distributing these indicators to enable network defense activities and reduce the risk of similar attacks in the future.
The advisory, incidentally, includes a list of technical indicators to aid companies, businesses and computer security experts to determine signs of a MSIL/Samas.A attack.
Ransomware has become one of the most prominent strains of malware in recent times and has affected hundreds of thousands, if not millions of individuals around the world. More recently, hospitals are beginning to be targeted in ransomware attacks and such attacks have known to disrupt medical activities and patient care.
Featured image from Shutterstock.