It’s official: you can now be sanctioned by the Office of Foreign Assets Control (OFAC) for paying ransomware hackers to get your data and servers back. Ransomware attacks are already a very real and immediate threat for IT leaders. Ransomware costs the enterprise more than $8 billion annually, with most organizations racking up more than $64K in downtime expenses alone.
And, in addition to the fresh set of sanctions, technology leaders have to keep up with the growing cybersecurity threats to protect their remote workplace.
Approaches to securing the remote workforce are changing daily, with new threats coming into focus, including new COVID-19 malware.
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
— Advisory, Department of the Treasury
Getting hit by a ransomware attack is already a dire threat to your business. Now, after a new advisory issued by OFAC on October 1, 2020, technology leaders also face the danger of being hit with sanctions by the US Treasury Department. Cybersecurity professionals and organizations now face an extra layer of mitigation after being cautioned about potential US policy violations for organizations and individuals who pay ransomware attackers to restore their servers and data.
The advisory cites how payments to ransomware hackers can jeopardize national security.
“[R]ansomware payments to sanctioned persons or comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber actors to engage in future attacks. In addition, paying a ransom does not guarantee that the victim will regain access to stolen data.”
— Advisory, Department of the Treasury
What You Need to Know About the Ransomware Sanctions Advisory
The advisory explains that individuals and organizations making payments to ransomware hackers risk having those funds used against the US, including in acts of international or domestic cyber terrorism.
OFAC warns that paying ransom to a sanctioned entity could result in civil penalties, regardless of whether or not you have direct knowledge of sending funds to a sanctioned entity.
The full advisory references the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA), prohibiting Americans from “engaging in transactions, directly or indirectly, with individuals or entities (“persons”) on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), other blocked persons.” That list includes countries and regions like Cuba, the Crimea region of Ukraine, Iran, North Korea, and Syria.
Ransomware Attacks Can Happen to Anyone
It cannot be overstated that more and more organizations are finding themselves victim to these cybersecurity threats, specifically after the move to a fully remote workplace. Just recently, MicroAge’s Mark McNally shared his experience after one of his clients, an enterprise auto-parts manufacturer, came under attack.
“This can happen anywhere,” Mark explained. “We had a quick time frame to get the client up and running to keep them in business. The good news is the ransomware attack recovery process made the client assess all of their software to prevent future cyberattacks from threatening their business.”
How to Avoid Sanctions for Ransomware Payments
If you dig deep into the details, you’ll see that the Treasury’s OFAC will ease sanctions on ransomware victims who provide a “timely, complete report” of the ransomware attack to law enforcement.
The advisory states:
“OFAC will also consider a company’s full and timely cooperation with law enforcement both during and after a ransomware attack to be a significant mitigating factor when evaluating a possible enforcement outcome.”
Also, if a ransomware victim thinks the ransomware attacker could be a sanctioned entity, OFAC says they should contact the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection “immediately”.
Prevention. Prevention. Prevention.
Of course, the best way to avoid ransomware attack sanctions is to prevent ransomware from threatening your business in the first place. That means having a robust security strategy that covers everything from educating your workforce, to backing up locally and in the cloud, to keeping your systems up to date, to using regular security scans and assessments and early detection systems.
Protect your organization from costly ransomware attacks and sanctions.
Our security experts are here to help you prevent cybersecurity threats before they occur, and to guide you in navigating the latest federal regulations. Schedule your security assessment to build out a robust security strategy for the new normal.