We are often asked by clients about what to do if you are hacked by some external entity and suffer damages as a result of the attack. The first inclination clients have after being robbed by cyber criminals is to contact the local police so they can track down the cyber-criminal, catch them and punish them. However, the law enforcement procedures that work for physical crimes do not work for cyber-crimes. Cyber-criminals are adept at covering their tracks, and most cyber-crime is initiated by foreign criminals well outside your local police’s jurisdiction.
The biggest problem is figuring out who the criminal is and where they are. If your office is broken into and all of the computers are stolen, who do you call? The local police. The police come and check out the crime scene, take pictures, look for finger prints, and gather other evidence. They work closely with county and state police to identify and catch the criminal. Cyber-crime is different. If you are the victim of a ransomware attack and report it to the local police, they will tell you they can’t help you. Why is that? Most ransomware attacks are initiated overseas. Since the cyber-criminals aren’t in the United States, local law enforcement has neither the tools nor the jurisdiction to chase the criminals. The only reason to engage local law enforcement after a cyber-crime is to file a police report for insurance reasons.
Several years ago I was at the New Jersey Cyber Security Summit at Kean University. I asked the panel–consisting of the State Policy, New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), Secret Service and FBI–who I should contact to report a ransomware attack. The looked at each other blankly. Clearly there was a gap in how law enforcement was going to respond to this growing threat.
Fast forward to today. The FBI office in Newark has a cyber-crime division. While they may not be able to reach out and arrest international criminals stealing our money, they do tabulate the attack information and work with their counterparts around the world to track down cyber-criminals. If your business is compromised by a ransomware attack, call the Newark FBI office at (973) 792-3000 and ask for the cyber-crime group to report the crime.
When we are engaged in resolving an attack on one of our clients, we write a summary of our findings about the attack and report it to NJCCIC. The report describes the type of attack and how it was carried out, but the name of the client is withheld. NJCCIC tabulates the data for threats happening across the Garden State and sends out advisories to participating companies on currently active threats. The advisory includes a description of the event and provides measures for protecting your systems from attack.
We are still behind the eight ball when it comes to chasing and catching cyber-criminals. With the new focus of the FBI and the reporting of NJCCIC, authorities have started what will be a long and difficult process for responding and stopping cyber-criminals.
Click HERE for more information on NJCCIC.