Ransomware attacks have become so common that it seems we hear about new and worse ones almost daily. So much so that the U.S. government is directly addressing the issue with a pair of new advisories. The advisories, published by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN), warn any individual, business, or organization against paying attackers and caution that assisting or facilitating payments is a problem as well.
Last year, cybersecurity expert John Reed Stark wrote that most corporations secretly choose to pay ransomware attackers and that “It is not surprising that paying ransomware attackers has become as routine a cost of business as paying the electric bill – but what is surprising (and shocking) is that no one seems to care.”
Now, it’s clear that the government cares deeply about this issue. Here’s what you need to know about the severity of the threat, and why you should never agree to pay ransom.
Ransomware is considered the fastest-growing malware threat, demonstrating an alarming growth rate in the past couple of years. The COVID-19 outbreak has made things much worse, with the frequency of ransomware attacks more than doubling year-over-year in the U.S. A report issued by Europol’s European Cybercrime Centre directly connects the pandemic with the spike in attacks.
In its latest advisories, the U.S. government states that known criminal entities under sanction are responsible for many of these attacks. Attackers often belong to criminal organizations based in Russia, Iran, and other locations. These organizations are already under sanction due to cybercriminal activities that include attacks targeting governmental and financial institutions in the U.S. and other countries.
The advisories clearly explain that paying or facilitating payment in any way to a sanctioned entity is illegal. The government advises that business or individual victims who choose to pay ransomware attackers might find themselves subject to government sanctions and fines.
Cause and effect: The consequences of paying the ransom
There are several solid reasons why paying a ransom isn’t wise:
- Enabling the next attack: Security expert James McQuiggan compares ransomware attackers to the Mafia and explains that “The U.S. government’s recommendation of not paying comes with a similar notion of not negotiating with terrorists...the anticipated action of reducing ransomware attacks.” When cybercriminals get their way, it encourages them to keep going and attack the next victim.
- It might not help: Unsurprisingly, criminals cannot be trusted. Paying the ransom might not get your data back as expected. Victims risk losing the money and their data as well as facing sanctions. It’s also important to keep in mind that repeat attacks are a growing phenomenon as well. More than half of companies hit with a ransomware attack are attacked again, possibly by the same attackers.
- You don’t know who you’re paying: Ransomware attackers’ true identity usually remains unknown even after the payment is made. Victims might unknowingly find themselves funding sanctioned individuals or groups that cause a great deal of harm.
- Mandatory reporting: Financial institutions are obligated to report such payments to the government, meaning that any bank involved in transmitting the payment will inform authorities, thus exposing paying victims to legal risk.
- There’s no real insurance: Some companies choose to carry cybersecurity insurance that also covers ransomware attacks. In fact, in the first half of 2020, ransomware incidents were responsible for more than 40% of cyber insurance claims. However, the insurance company may refuse payouts to ransomware victims who paid a sanctioned entity, even if they did so unknowingly.
A victim no more: What to do instead
Now that we’ve established that paying attackers is out of the question, what should companies or individuals do if they fall victim to a ransomware attack?
First, if you’re still considering paying the ransom, read this article and the government advisories once again. Then, contact U.S. officials and offer your full cooperation. This will minimize the risk of being penalized while helping authorities prevent the next attack. Paying a ransom is playing into criminals’ hands, so make sure to remain on the right side of the law.
Most importantly, don’t be a sitting duck. There’s absolutely no reason for you to wait for an attack to happen without acquiring strong ransomware protection. It’s time to take back control over your data. Stay one step ahead and schedule a demo to see Minerva Labs’ ransomware protection solution in action.