As if getting hit with ransomware wasn’t costly enough, a statement from The United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) titled: Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments indicates potential fines on companies who “facilitate ransomware payments,” either directly or through third-party mitigators. The justification for the penalty is that ransom payments to malicious cyber entities and persons would “fund activities adverse to the United States’ national security and foreign policy objectives.” Specifically, these potential fines could be assessed for ransomware payments made to foreign entities under OFAC sanctions such as the Lazarus Group and Evil Corp, although not limited to only those entities.
No fines currently exist, and the advisory states that it is explanatory only and does not carry the force of law. It encourages the “[implementation of] a risk-based compliance program to mitigate exposure to sanctions-related violations.” This appears to be a polite way of giving U.S. companies a chance to step up their risk-avoidance activities and protect against ransomware before any formal actions occur, which would likely be civil rather than criminal in nature.
Immediately Notify OFAC in the Event of a Ransomware Attack
The advisory also indicates that businesses affected by ransomware should notify OFAC and other appropriate authorities immediately, and that doing so could affect any fines and penalties the agency imposes. It stands to reason that companies who pay the ransom simply need to get their businesses back up and running quickly.
The advisory creates concern and confusion for companies holding cybersecurity insurance. Notably, most insurance contracts contain a clause stating that if paying for a policy-related event would violate any law, the claim will be declined. Will cyber insurance companies use this advisory to refuse to cover ransom payments on cybersecurity incidents?
This advisory comes in the midst of a particularly malware-active 2020, thanks in large part to COVID-19 scams as well as the upcoming election cycle in the United States. Several high-profile companies, such as Pitney Bowes, were hit for the second time in less than a year by groups known for double-extortion tactics. Many attacks targeted government and public sector entities as well, exposing security holes either directly or through associated service providers.
Garmin, the global GPS and smartwatch company, lost functionality in several divisions after receiving a ransom demand for USD 10 million. The amount actually paid is unknown but was allegedly still in the millions of dollars.
Email Initiated Ransomware Attack
A few weeks ago, managed services provider Tyler Technologies, which services government entities and in some cases provides aggregation for election results, also announced a malware incident that resulted in a ransomware payment to return to service. The trojan variant was named “Ransom X (Ransom.exx),” and the ransom amount is unknown. An interesting note in this case is that the compromise was reportedly human-initiated rather than delivered by a phishing or malicious email, meaning an actual person targeted the company and carried out the attack.
What can I do to protect my data from ransomware?
Pretty much everyone agrees that the best ransomware protection is good, reliable backups and a plan to put into action when an event occurs. Given the proliferation and sophistication of malware and hackers today, businesses need to get backups offsite and then guarantee the ability to recover cleanly even if the remote backup files are encrypted or deleted. Malicious actors target these files first and then work backward into local backup files to secure their ransom or steal data.
Global Data Vault introduced Enhanced Data Protection (EDP) to add security layers to your cloud backups. We recognized the need to put a gap between your network and our backup environment and to introduce security information and event management (SIEM) to watch for unexpected behavior between the two. We believe the most important thing is your data integrity, and we work hard to provide it.
Our customers rely on us for assistance and recovery in the event of a disaster or outage, including a ransomware incident. With EDP, we protect against insider threats, accidental deletions, and malicious activity targeting your cloud backup files. If ransomware encrypts or deletes these files, Global Data Vault can recover them from a “hidden” repository and make them accessible for you to restore. We even provide a sandbox to verify the data before bringing it back into your environment.
Instead of paying ransoms and possibly incurring fines from OFAC, you need a solution you can rely on to have recoverable data when you need it most. Contact us today to learn more!