Thinking of Paying Ransomware Hackers? You May Face Sanctions.

by Oct 9, 2020CMMA Blog, Cybersecurity, Data Protection, Ransomware0 comments

If ransomware wasn’t already causing IT professionals loss of sleep at night, a new advisory recently issued, just might. The U.S. Dept of Treasury has issued an advisory that focuses on the sanction risks associated with the ransomware payments related to malicious cyber activities. This means that not only do IT professionals need to ensure their network is secure, but if their organization solely relies on cyber insurance to get back to business quickly, they’ll need to be sure their company and their insurer or financial institution negotiating on their behalf are not funding terrorists organizations. The question is, how do companies and negotiators know who they’re dealing with? They don’t really know. Companies and their negotiators are still at risk of being held responsible regardless if the parties knew or had reason to know.

Making payments emboldens cyber criminals and perpetuates this vicious cycle of attacks and payments. Did you know there is a ransomware-as-a-service (RAS) offering and a help desk somewhere in the dark web? When your company pays the ransom, it is  funding these malicious operations. To protect your network, you pay top dollars to equip your data center with the latest in data protection. Next, you insure with the best cyber insurance policies available. All of this is good, but relying on cyber insurance to get back to business after a cyber event has become a national security issue. Enterprise organizations, whether private sector or government, need to step up their business continuity plans or they may risk violating OFAC regulations according to the U.S. Treasury Department. At the risk of sounding like a broken record (I’ve  blogged about this before), organizations need to turn the page on this chapter. Start by:

  1. Being pro-active in your data protection strategy – protecting your network comes in layers.
  2. Securing with an offline “air-gapped” copy (supplemental insurance).
  3. Organizations need to “unlearn” relying on cyber insurance to get back to business quickly.

Implementing point one and two from above will largely reduce your chances of having to pay ransomware, because you will be prepared with time-tested strategies that will help you get back to business quickly. For example, a solid backup strategy will include keeping a copy of your data disk (hot data), tape (offline) and offsite like the cloud (offsite). Put very simply, follow the backup rule of 3-2-1-1 , which means: 3 copies of your data, 2 different media types, one offsite, and one offline. The third point is behavioral, and it starts at the top by re-setting policies to get back online.

3211 pic

The volume of ransom payments will continue to increase rapidly unless victim behavior changes. All reports point to more aggressive cyber spying and targeted attacks with insidious methods that bypass behavioral algorithms used by cyber software companies. If criminals have the funds, they will find a way to penetrate your network and disable your online backups. Quantum has designed a solution to protect organizations against ransomware that enables faster recovery. This offers a true air-gapped ransomware protection with an offline, in-library vault for onsite backups. The benefits are:

  • Archive, on-site, long-term vaulting, replaces external shelf storage
  • Backup, short-term vault prior to sending offsite
  • Removes the need of manual handling tapes
  • Recover from an off-line copy in minutes when your online copy is compromised

Let’s remember, a virus cannot bypass a physical barrier formed between your data and the network. It is and will continue to be the most cost-effective form of ransomware protection. As you evaluate ransomware data protection strategies, think about the losses associated with a successful attack to your organization: revenue, clients, reputation, and more. Increase your awareness. You could possibly be sponsoring foreign cyber-terrorism. A small investment can reap a great return.

Article cited: https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf )

To view our Partner blog, click here