Ransomware: The true cost is higher than you think

At the beginning of October, the US Department of Treasury sent out a ransomware advisory on the potential sanctions risks for facilitating ransomware payments.

According to the advisory, demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that we rely on to continue conducting business. These increased attacks mean that businesses are paying the ransoms to get their data back because they do not have a data protection strategy in place. Paying the ransom only encourages future ransomware payment demands but also may risk violating OFAC regulations.

US citizens are generally prohibited from engaging in transactions, directly or indirectly, with individuals or entities on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), other blocked persons, and those covered by comprehensive country or region embargoes. OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC.

A quick overview of ransomware:

Ransomware is a form of malware (short for malicious software) that encrypts a victim’s files, holding them hostage until the ransom is paid. The ransom costs typically range between a few hundred dollars to a few thousand (depending on the criminal and the organization they are targeting), and most cybercriminals demand payment in cryptocurrencies.

Though ransomware has been around for decades, the invention of cryptocurrencies has made it easier than ever for cybercriminals to extort victims. The fact that cryptocurrencies don’t rely on central authorities such as banks also makes it harder to trace, hindering law enforcement efforts to identify individuals behind these attacks.

How Can I Protect Against Ransomware?

With a continually changing and evolving technology landscape, cyber-attacks like ransomware evolve and change too. This means there is no way to protect your data completely. However, there are several things you can do to minimize your risk of infection and safeguard your digital assets even if you fall victim.

1. Invest in employee training: Your employees are your first line of defense when it comes to ransomware.  Security Awareness Training will train employees to recognize malicious phishing attempts and give them the knowledge to protect your business.
2. Create a Data protection strategy: Design, implement and frequently test a data protection strategy to meet your business’s requirements. Closely follow industry best practices by ensuring that data is protected across multiple locations and different media to ensure the ability to recover data that has been attacked. Test and validate the ability to recover data.
3. Implement access restrictions: Not everyone in your organization needs to be able to access everything. Employees should only be granted access to data and system areas that they need to do their job, and all devices that can access your organization’s network should have robust security programs installed.
4. Strengthen inbox security- You should protect all incoming email against phishing and malware, and take steps to protect domain names, employee names, email addresses, and other company identifiers from spoofing.
5. Keep all systems up to date- Make sure that all software, including anti-virus software, is kept up to date. Patches let cybercriminals know exactly where vulnerabilities in older versions of the software exist, making it easier for them to gain access to out of date programs.

What to do if you are a victim of ransomware:

2. Contact your Managed Service Provider. Not everyone is a cybersecurity or ransomware expert, and that is okay. Many small and medium-sized organizations may not have the resources or people power to justify supporting an in-house cybersecurity team, and instead place their trust in Managed Service Providers like Atom Creek. We can help you craft and implement robust cybersecurity protocols, offer employee cybersecurity training, and help you limit or mitigate the damage if a breach does occur. 
3. Contact OFAC immediately if you believe a request for a ransomware payment may involve a sanction nexus.
4. Contact the U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection if an attack involves a U.S. financial institution or may cause significant disruption to a firm’s ability to perform critical financial services.

The best thing you can do to protect your organization is to take preemptive measures. After all, the best cybersecurity defense is taking steps to avoid an incident in the first place.

You can find more information on Ransomware and how Atom Creek can help HERE

You can find the full advisory here: https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf