While businesses may be tempted to make ransomware payments to quickly end the nightmare of a ransomware attack, it is one of the most dangerous decisions a business can make. Paying a ransom is not a guarantee that a company will be able to recover its data, and new regulations can hold the company legally accountable. Before that, you should have installed antivirus software on your computer.
OFAC October warning about ransomware payments
According to a report by the US Treasury Department's Office of Foreign Assets Control (OFAC), companies can now be legally held responsible for making a ransomware payment to a hacker affiliated with a group on OFAC's list of sanctioned organizations.
Noteworthy on this list are:
- EvilCorp, based in Russia, developer of the Dridex malware
- Lazarus Group, the Korea-backed organization behind the 2017 WannaCry attack
- Bluenoroff and Andariel, also associated with WannaCry
- Evgeniy Mikhailovich Bogachev, a Russian developer of CryptoLocker
A warning sent by OFAC in October warned companies that working with sanctioned individuals and organizations could violate OFAC rules. According to the warning, "OFAC may impose civil penalties for violating sanctions based on strict liability, which means that a person under US jurisdiction can be held civilly liable even if they did not know or had no reason to know that she was making a transaction with a person who is prohibited under OFAC sanctions laws and regulations ”.
Cyber insurance and IT forensics and cyber crisis response companies are the most common types of companies that help victims of ransomware attacks. Even financial firms, including custodians and monetary service providers, can face civil penalties, including fines. Also, according to OFAC, financial companies should consider their regulatory obligations about the Financial Crimes Enforcement Network.
The global rise in ransomware leaves companies struggling for help
The number of ransomware attacks has increased steadily since 2017. In 2020 alone, government, education, and health organizations lost $ 144 million to ransomware, with 966 attacks reported in the industry. Each of these industries was of essential importance in 2020 due to the COVID-19 pandemic, which makes them particularly interesting and vulnerable to attacks for hackers.
As a result of the increasing number of attacks, the demands on cyber insurance have also increased. In Europe, the Middle East, and Africa, ransomware attacks accounted for half of all cyber claims, compared to 13 percent in 2016. According to the Coalition's Cyber Insurance Claims Report, ransomware accounted for 41 percent of cyber claims in 2020 -Requirements.
In the past, most ransomware hackers demanded a ransom payment in exchange for encrypted data. Today we see more and more creative measures being taken, including threats to reveal a victim's stolen information and to divulge the personal information of a victim's customers and clients.
What has also changed are the targets of the ransomware attacks. SMBs that were once considered less interesting than big profit companies are becoming popular targets. The MSPs they rely on to keep their IT systems running are also increasingly being targeted.
According to Datto's' 2020 Global State of the Channel Ransomware Report, 60 percent of MSPs reported ransomware attacks against their SMB customers in 2020. Eleven percent reported that their customers experienced multiple attacks in a single day. European MSPs reported more ransomware attacks against customers than any other region: 85 percent. The United States came in second, with 77 percent of MSPs reporting attacks.
Phishing emails were the number one cause of ransomware attacks reported by MSPs, according to Datto. Bad user practices and a lack of cybersecurity training accounted for 27 percent and 26 percent of attacks, respectively. The average ransom was $ 5,600 in 2020, according to MSPs, a slight decrease from 2019. However, the cost of downtime increased exponentially from $ 141,000 in 2019 to $ 274,000 in 2020.
Paying the ransom is risky
Whether or not a cybercriminal or organization is sanctioned, paying a ransom carries a serious risk. According to the FBI, many companies that make ransomware payments are no longer able to access their data. In some cases - even if cybercriminals agree to share the data - the decryption tools are unreliable and sometimes even buggy.
Install Protegent360 free antivirus software
Additionally, and perhaps most importantly, paying a ransom encourages cybercriminals to (re) target both new and damaged businesses. The more successful an attack, the more likely it is that the attacker will repeat it to earn even more. If you have been the victim of an attack, you should report it immediately. Below are just a few helpful resources:
- This Europol list will guide you to the cybercrime authorities in your country.
- In the United States, you can contact the FBI's Internet Crime Complaint Center, as well as your local authorities.
- In MITER for a comprehensive list of active Cyber Crime organizations.
Comments
Post a Comment