
Ransomware is one of the most popular types of attacks hackers use to fulfill their goals. It is pretty lucrative and works well for those involved in financial cybercrimes. Businesses across the globe suffer from ransomware, with the average payment being more than $178,000 in the first quarter of 2020. Organizations are always on the lookout for external cybersecurity and risk management service providers to help them improve their IT security outlook.


However, some continue to underestimate the consequences of ransomware and other cyberattacks and aren’t willing to spend money on improving their cybersecurity outlook. If you’ve been a victim of ransomware, you have to decide whether to pay the money or not. Companies can be retargeted to squeeze more money out of them.


Companies are also hesitant to report such attacks to the relevant organizations. However, you should not hesitate: report the attack immediately. Let’s look at some of the best practices for reporting ransomware attacks.

Reporting to the FBI

Paying the ransom to attackers is ultimately your decision. However, it is essential to keep the FBI in the loop. If you’ve been a victim of ransomware, then you should provide law enforcement agencies with as much detail as possible. You can file a complaint with the Internet Crime Complaint Center (IC3), as it helps them track ransomware incidents within the country and globally. The information can be valuable when prosecuting attackers.


Alternatively, you can also contact your nearest FBI field office, where they will listen to your concerns and act accordingly. Officers will typically require the following information:

  • Date of the attack.
  • How the attack occurred.
  • The ransom demanded from the company.
  • Any amount paid so far.
  • The ransomware variant.
  • Comprehensive details about your company.
  • Impact statements.
  • Losses due to the ransomware attack.

Reporting to CISA

As with the FBI, you are better off reporting the ransomware attack to CISA. They have more specific reporting requirements and will ask about the following:

  • The level of impact on the company’s functions.
  • The type of information targeted by the attackers.
  • The resources and time needed to recover from the incident.
  • Where the activity initially took place.
  • The number of users, systems, and records affected.
  • Point of contact for further follow-up.


Apart from the information mentioned above, you also need to provide CISA with details about the attack vector and the efforts undertaken to avoid such attacks in the future. The National Cybersecurity and Communications Integration Center assigns a severity score to the attack based on the information provided. The score helps CISA objectively review the attack and determine whether it compromised national security.


Next Steps

Reporting ransomware attacks is the first step in creating a comprehensive security plan to avoid future attacks. Once you have reported a ransomware attack and taken steps to recover from it, you need to improve your current IT infrastructure so that it can withstand such attacks.


If you don’t have the necessary in-house expertise to handle such tasks, it is always good to consult an IT cybersecurity consultant to help you devise a robust plan and improve your current infrastructure. If you’re on the lookout for expert cybersecurity consulting services, then check out 3i International.


We are a leading IT support managed service provider that is helping businesses in various sectors to improve their security infrastructure. We can also help you with cloud infrastructure management, proactive IT support, and more.


Visit our website for more information. Alternatively, get in touch with us today to get started.