Emergency Services Sector

The Emergency Services Sector (ESS) is a community of millions of highly-skilled, trained personnel, along with the physical and cyber resources, that provide a wide range of prevention, preparedness, response, and recovery services during both day-to-day operations and incident response. 

Supporting Ransomware Awareness Products

  • Conti Ransomware Healthcare Networks
    • The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. The data from this document is provided to help cyber security professionals and system administrators guard against the persistent malicious actions of cyber actors.
  • Cyber Investigation Prep - General Audience (Handout)
    • Preparation includes developing an incident response plan, and is key to an effective response that minimizes harm and expedites recovery. One way to accomplish that is to establish a point of contact with your local FBI field office. This document contains information about working with your local FBI office.
  • FBI Cyber Investigative Response Key Considerations
    • Key considerations from the FBI on conducting an investigation.
  • Joint Cybersecurity Advisory: Darkside Ransomware
    • Best practices for preventing business disruption from Darkside ransomware attacks.
  • FBI Private Industry Notification: Egregor Ransomware
    • The FBI first observed Egregor ransomware in September 2020. To date, the threat actors behind this ransomware variant claim to have compromised over 150 victims worldwide. 
  • FBI Flash: Mamba Ransomware
    • Mamba ransomware has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Mamba ransomware weaponizes DiskCryptor—an open source full disk encryption software— to restrict victim access by encrypting an entire drive, including the operating system.
  • FBI Public Service Announcement: Distance Learning
    • The FBI is raising awareness for parents and caregivers of school-age children about potential disruptions to schools and compromises of private information, as cyber actors exploit remote learning vulnerabilities.
  • FBI Flash: Increase in PYSA Ransomware Targeting Education Institutions
    • FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. PYSA, also known as Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems.