US gov’t warns against paying off ransomware attackers
Companies facilitating ransomware payments run the
risk of facing stern penalties for violating US regulations
“Companies that facilitate
ransomware payments to cyber actors on behalf of victims, including financial
institutions, cyber insurance firms, and companies involved in digital
forensics and incident response, not only encourage future ransomware payment
demands but also may risk violating OFAC regulation,” reads the advisory, which
is intended to “highlight the sanctions risks associated with ransomware
payments related to malicious cyber-enabled activities”.
The warning is intended to
dissuade organizations from paying ransom fees especially to cybercriminal
gangs that have faced sanctions from the US government or are in any way
connected to blacklisted entities. The Lazarus Group, which US authorities believe orchestrated the WannaCry aka WannaCryptor attack in 2017, and Evil Corp, which is behind
the Dridex malware, are just two examples of such threat actors.
RELATED
READING: The cyber insurance question
Typically, ransomware
prevents access to a device or to data on it until the victim pays a fee. A
number of ransomware gangs have recently expanded their tactics adding a form of doxing wherein they comb
through the victims’ systems looking for sensitive data that they will then
threaten to release unless an additional fee on top of the ransom is paid.
To highlight the magnitude
of the ransomware scourge, OPAC referenced data from the FBI’s latest two Internet Crime Reports, which showed that reported ransomware cases
increased by one-third between 2018 and 2019. What’s more, losses emanating
from the incidents skyrocketed by almost 150 percent.
By paying the ransom fees,
said OFAC, the victims are also effectively encouraging cybercriminals to
continue and expand their operations and target other organizations. It’s also
worth mentioning that even if a company ultimately decides to pay the ransom there is no guarantee that the black hats
behind the attack will restore access to their systems or return any pilfered
data.
Indeed, organizations would
be better advised to take precautions that help them avoid ransomware attacks
in the first place. These should include routine employee training on cybersecurity
best practices, investing
in business continuity solutions, creating regular backups, disabling internet-facing RDPs
entirely as well as investing
in a reputable multilayered security solution. For further advice on how
organizations can protect themselves against ransomware you can refer to our
detailed white paper, Ransomware: An enterprise perspective.
