Cyber Threat Response

Global cyber experts in your local community

Cyber threat response and assistance

FBI Cyber employs a global network of cyber threat experts to investigate cybercriminals, disrupt malicious cyber activity, seek justice, and prevent crime.

We provide information, experts, and capabilities to inform your cyber threat response
efforts. We even notify targeted entities who may be unaware they have been compromised and introduce them to decryption capabilities or other known mitigation tools, if available.

When possible, FBI Cyber will assist in freezing, seizing, and returning stolen and extorted funds.

FBI Cyber: Fact versus fiction

  •  The FBI provides information to help you respond to cyber intrusions. We do not restore systems or data.
  • The FBI works with your IT team to collect evidence about cybercrime, with your consent. We do not search for unrelated activity when investigating a cyber intrusion.
  • The FBI coordinates with your attorneys. We do not give legal or regulatory advice.
  • The FBI works with your press team upon request. We do not publicize your cyber intrusion.
  • The FBI seeks data about cybercriminals and shares this information with federal partners who have a need-to-know, like CISA. We do not seek information for regulatory purposes.

Download FBI Cyber Threat Response.pdf — 302 KB

Pre-intrusion tips

  • Connect. Determine who to contact before a cyber intrusion occurs.
    • FBI Field Offices: Learn who from your local field office to include in your cyber incident response plan and when to contact them. Explore opportunities for the FBI to join your tabletop exercises.
    • Private Incident Response Firms: These firms offer remediation services that the FBI does not. The FBI can share information with the firm you choose.
  • Stay Informed. Read the latest federal cyber alerts and implement their recommendations. Find them at ic3.gov, StopRansomware.gov, and cisa.gov.

Post-intrusion tips

  • Report. Notify the FBI with relevant cyber intrusion details.
  • Preserve. Collect indicators of compromise (malware samples, logs, and other relevant intrusion data).
  • Communicate. After reporting an intrusion, keep lines of communication open between your team and the FBI.
  • Share. The FBI relies on targeted entities sharing data so the FBI can investigate and disrupt perpetrators

How to contact FBI Cyber

Local or international FBI field offices: fbi.gov/contact-us
FBI Internet Crime Complaint Center (iC3): ic3.gov