OFAC Penalties for Ransomware Payments

As if getting hit with ransomware wasn’t costly enough, a statement from the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC), titled “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments,” indicates potential fines for companies that “facilitate ransomware payments,” either directly or through third-party mitigators. The justification for the penalty is that ransom payments to malicious cyber entities and persons would “fund activities adverse to the United States’ national security and foreign policy objectives.” Specifically, these potential fines could be assessed for ransomware payments made to foreign entities under OFAC sanctions, such as the Lazarus Group and Evil Corp, although they are not limited to those entities.

No fines currently exist, and the advisory indicates it is explanatory only and does not carry the force of law. It encourages the “[implementation of] a risk-based compliance program to mitigate exposure to sanctions-related violations.” This appears to be a polite way of giving U.S. companies a chance to step up their risk-avoidance activities and protect against ransomware before any formal actions occur, which would likely be civil and not criminal in nature.

Immediately Notify OFAC in the Event of a Ransomware Attack

The advisory also indicates that businesses affected by ransomware should notify OFAC and other appropriate authorities immediately and that doing so could impact fines and penalties doled out by the organization. It stands to reason that companies who pay the ransom simply need to get their businesses back up and running quickly.

The advisory creates concern and confusion for those companies holding cybersecurity insurance. Notably, most insurance contracts have a clause that states if funding a policy-related event violates any law, it will be declined. Will cyber insurance companies use this advisory to refuse payment for the ransom on cybersecurity incidents? 

This advisory comes in the midst of a particularly malware-active 2020, thanks in large part to COVID-19 scams as well as the upcoming election cycle in the United States. Several high-profile companies, such as Pitney-Bowes, were hit for the second time in less than a year by groups known for double extortion tactics. Many attacks targeted government and public sector entities as well, exposing security holes either directly or through associated service providers.

Garmin, the GPS and smartwatch company, is a global company that lost functionality in several divisions after receiving a ransom note for USD 10 million. The amount actually paid is unknown but was still allegedly in the millions of dollars.

Email Initiated Ransomware Attack

A few weeks ago, managed services provider Tyler Technologies, which services government entities and provides aggregation for election results in some cases, also announced a malware incident resulting in a ransomware payment to return to service. The name of the trojan variant was “Ransom X (Ransom.exx),” and the ransom amount is unknown. Interestingly, the compromise in this case was supposedly human-initiated rather than delivered through a phishing or malicious email, meaning an actual person targeted and carried out the attack.

What can I do to protect my data from ransomware?

Pretty much everyone agrees the best ransomware protection is to have good, reliable backups and a plan to put into action when the event occurs. Given the proliferation and intelligence of malware and hackers today, businesses need to get backups offsite and then guarantee the ability to cleanly recover if the remote backup files are encrypted or deleted. Malicious actors target these files first and then work backward into local backup files to secure their ransom or theft of data.

Global Data Vault introduced Enhanced Data Protection (EDP) to add security layers to your cloud backups. We recognized the need to provide a gap from your network and introduce security information and event management (SIEM) to watch for unexpected behavior from your backup environment to ours. We believe the most important thing is your data integrity, and we work hard to provide it.

Our customers rely on us for assistance and recovery in the event of a disaster or outage, including a ransomware incident. With EDP, we protect against insider threats, accidental deletions, and malicious activity targeting your cloud backup files. If ransomware encrypts or deletes these files, Global Data Vault can recover them from a “hidden” repository and make them accessible for you to restore. We even provide a sandbox to verify the data before bringing it back into your environment.

Instead of paying ransoms and possibly incurring fines from OFAC, you need a solution that you can rely on to have recoverable data, when you need it most. Contact us today to learn more!
