The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory that warns organizations of potential sanctions should they facilitate ransomware payments related to malicious cyber activities.
Ransomware is a form of malicious software (also known as malware) designed to block access to a computer system or data. Malware often encrypts data or programs on IT systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data.
In addition to ransomware attacks, cybercriminals threaten to publicly disclose victims’ sensitive files. They then demand a ransomware payment, usually through cryptocurrency, in exchange for a key to decrypt the files and restore victims’ access to systems or data.
Ransomware attacks have become more focused, sophisticated, costly, and numerous in recent years. According to the Federal Bureau of Investigation, ransomware cases increased by 37 percent and associated losses rose by 147 percent from 2018 to 2019. Ransomware attacks target organizations indiscriminately, from large- to small- and medium-sized businesses, local government agencies, hospitals, and school districts, which may be more vulnerable as they might not have the resources to invest in cybersecurity measures.
Ransomware payments not only lead to enormous losses but also undermine U.S. national security and foreign policy objectives.
According to the advisory, “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
Organizations are advised to proactively develop a senior management-supported cybersecurity plan in preparation for a ransomware attack. Make sure the sanctions risk is clearly communicated to all relevant employees and understood by all decision-makers concerned.
Nashville cybersecurity service expert ImageQuest remains steadfast in its recommendation: Don’t pay. Keep backups current and tested regularly. Some companies are under the impression that ransomware payments are the fastest way to resume operations, but these might lead to more legal problems in the long run.
ImageQuest partners with the industry’s most reliable security vendors to give clients robust and sophisticated cyber protection. Sophisticated machine learning is used to help security engineers focus on intrusions and anomalous behavior. With 95% of attacks beginning with malicious email, ImageQuest blocks any suspicious content before it even hits your server. Get in touch today to learn more.