Support: (615) 499-7801

Ransomware payments may add U.S. sanctions to your costs

Stop paying ransom ImageQuest

Did you know – the U.S. Treasury Department has warned that making ransomware payments could bring sanctions on your organization.

The warning also applies to banks and insurance companies, as well as firms negotiating the payments.

This is because ransomware can come from a sanctioned country or bad actor. For example, one U.S. sanctioned country, North Korea, uses ransomware attacks to raise funds.

Ransomware payments circumvent those sanctions – and encourage repeat attacks.

“Ransomware payments benefit illicit actors and can undermine the national security and foreign policy objectives of the United States,” the Treasury department said in an advisory. “For this reason, license applications involving ransomware payments demanded as a result of malicious cyber-enabled activities will be reviewed by OFAC on a case-by-case basis with a presumption of denial.”

OFAC is the  U.S. Department of the Treasury’s Office of Foreign Assets Control.

The Treasury Department’s advisory also encourages ransomware victims to report their attacks. You can read the complete advisory here.

We mention this in light of the Colonial Pipeline CEO, Joseph Blount, telling the Wall Street Journal he felt he had to pay the ransom “given the stakes involved in a shutdown of such critical energy infrastructure.”

However, our advice remains: Don’t pay. Keep your backups current and test them regularly. We recommend three backup files, with one kept offline.

And consider Colonial’s experience. They paid the ransom, got an encryption key – but wound up still using their backup files. The encryption tool worked too slowly to be of much use.

The U.S. Justice Department and several security firms have formed cybersecurity task forces, and early comments suggest one focus may be disrupting cryptocurrency markets. Bad actors seek payment in cryptocurrency because currently it cannot be easily traced.

But until then, be proactive with your IT security and employee training. Back up your data frequently, test it to make sure you can restore, and have a plan in place if an attack occurs.

Don’t add to your misery by being unprepared.

Need help? Book a chat with us!

More resources:

Managed IT Services Nashville