Ransomware – Getting More Expensive Due to OFAC Fines?

As if getting hit with ransomware wasn’t costly enough, a statement from The United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) indicates potential fines on companies who “facilitate ransom payments,” either directly or through third-party mitigators. The justification for the penalty is that ransom payments to malicious cyber entities and persons would “fund activities adverse to the United States’ national security and foreign policy objectives.” Specifically, these potential fines could be assessed for ransom payments made to foreign entities under OFAC sanctions such as the Lazarus Group and Evil Corp, although not limited to only those entities.

No fines currently exist, and the advisory states that it is explanatory only and does not carry the force of law. It encourages the “[implementation of] a risk-based compliance program to mitigate exposure to sanctions-related violations.” This appears to be a polite way of giving U.S. companies a chance to step up their risk-avoidance activities before any formal actions occur, which would likely be civil and not criminal in nature.


The advisory also indicates that businesses affected by ransomware should notify OFAC and other appropriate authorities immediately and that doing so could impact fines and penalties doled out by the organization. It stands to reason that companies who pay the ransoms simply need to get their businesses back up and running quickly.

The advisory creates concern and confusion for companies holding cybersecurity insurance. Notably, most insurance contracts have a clause stating that if funding a policy-related event violates any law, the claim will be declined. Will cyber insurance companies use this advisory to refuse to pay the ransom on cybersecurity incidents?

This advisory comes in the midst of a particularly malware-active 2020, thanks in large part to COVID-19 scams as well as the upcoming election cycle in the United States. Several high profile companies, such as Pitney-Bowes, were hit for the second time in less than a year by groups known for double extortion tactics. Many attacks targeted government and public sector entities as well, exposing security holes either directly or through associated service providers.

Garmin, the global GPS and smartwatch company, lost functionality in several divisions after receiving a ransom note demanding USD 10 million. The amount actually paid is unknown but was still allegedly in the millions of dollars.

A few weeks ago, managed services provider Tyler Technologies, which services government entities and in some cases provides aggregation of election results, also announced a malware incident that ended with a paid ransom to return to service. The name of the trojan variant was “Ransom X (Ransom.exx),” and the ransom amount is unknown. An interesting note in this case is that the compromise was reportedly human-initiated rather than delivered by a phishing or malicious email—meaning an actual person targeted the company and carried out the attack.

What can I do to protect my data from ransomware?

Pretty much everyone agrees the best way to defend against—and recover from—a ransomware attack is to have good, reliable backups and a plan to put into action when the event occurs. Given the proliferation and sophistication of malware and attackers today, businesses need to get backups offsite and then guarantee the ability to recover cleanly even if the remote backup files are encrypted or deleted. Malicious actors target these files first and then work backward into local backup files to secure their ransom or theft of data.
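The paragraph above says a backup is only useful if you can prove it still restores cleanly after the remote copies have been tampered with. The following is an added example, not Global Data Vault's code: it records a manifest of SHA-256 hashes for a backup set and later checks the set against that manifest, reporting files that were deleted, modified in place (what an encryptor leaves behind), or added unexpectedly. The directory layout, file names and the `demo()` scenario are constructed for illustration.

```python
"""Manifest-based integrity check for a backup set (added example).

Assumption: the backup set is a directory of files, and the manifest is
stored somewhere the backup host cannot rewrite (offsite, write-once media,
or a separate account), so an attacker who alters the backups cannot also
alter the record of what they should contain.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backup archives fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Record relative path -> size and SHA-256 for every file in the set."""
    manifest = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            rel = p.relative_to(backup_dir).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return manifest


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup set on disk against the stored manifest.

    Returns three sorted lists: files the manifest expects but are gone
    (deleted), files whose hash no longer matches (encrypted or corrupted
    in place), and files present on disk that the manifest never recorded
    (for example a dropped ransom note)."""
    present = {
        p.relative_to(backup_dir).as_posix()
        for p in backup_dir.rglob("*")
        if p.is_file()
    }
    report = {"missing": [], "modified": [], "unexpected": []}
    for rel, meta in manifest.items():
        if rel not in present:
            report["missing"].append(rel)
        elif sha256_of(backup_dir / rel) != meta["sha256"]:
            report["modified"].append(rel)
    report["unexpected"] = sorted(present - manifest.keys())
    report["missing"].sort()
    report["modified"].sort()
    return report


def demo() -> dict:
    """Constructed scenario: a clean check, then a check after damage."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        (backup / "db.sql").write_bytes(b"CREATE TABLE users(id INT);\n")
        (backup / "files.tar").write_bytes(b"constructed tar payload")
        manifest = build_manifest(backup)
        clean = verify_backup(backup, manifest)

        # Reproduce the state a ransomware incident leaves on a backup set:
        # one archive overwritten with unreadable bytes, one deleted, and a
        # new text file that the manifest never recorded.
        (backup / "db.sql").write_bytes(os.urandom(64))
        (backup / "files.tar").unlink()
        (backup / "README_TO_RESTORE.txt").write_text("constructed note")
        damaged = verify_backup(backup, manifest)
    return {"clean": clean, "damaged": damaged}


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```

Running the check on a schedule and alerting on any non-empty list gives the "watch for unexpected behavior" signal before a restore is attempted; the manifest is only trustworthy if it lives outside the reach of whoever can write to the backup store.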

Global Data Vault introduced Enhanced Data Protection (EDP) to add additional security layers to your cloud backups. We recognized the need to provide a gap from your network and introduce security information and event management (SIEM) to watch for unexpected behavior from your backup environment to ours. We believe the most important thing is your data integrity, and we work hard to provide it.

Our customers rely on us for assistance and recovery in the event of a disaster or outage, including a ransomware incident. With EDP, we protect against insider threats, accidental deletions, and malicious activity targeting your cloud backup files. If ransomware encrypts or deletes these files, Global Data Vault can recover them from a “hidden” repository and make them accessible for you to restore. We even provide a sandbox to verify the data before bringing it back into your environment.

Instead of paying ransoms and possibly incurring fines from OFAC, you need a solution you can rely on to have recoverable data when you need it most. Contact us today to learn more!
