Your day couldn't be going worse. Someone in the office clicked on a link they shouldn't have. Now the entire network is compromised with Ransomware. Your cybersecurity hygiene practices weren't the best, to begin with. You haven't been doing what you should be doing. Your data wasn't backed up, and you can't restore your end-points. The only option left is to pay the attacker's ransom and unlock your data. Things couldn't get worse, right?
Boy howdy would you ever be wrong! According to a recent press release from the Department of the Treasury, you might be required to pay a hefty fine if the attacker is located in a country under economic sanctions from the United States government.
The release, dated October 1st, and issued by the Treasury's Office of Foreign Asset Control (OFAC), states that if you're paying a ransom to unlock your files, you're aiding the attackers financially and, as a result, liable to face the same sanctions as the would-be-attacker.
How's it work?
Okay, so, as you may or may not already know, the Feds put economic sanctions on foreign governments that don't play nicely with the United States. Russia, Iran, to name a few, both have economic sanctions levied against them. Companies that do business directly with those governments are fined large sums of money. You know...unless they contribute to a re-election campaign or two.
What can you do to protect yourself?
There are a lot of things you can do to protect yourself from a Ransomware attack. Here are a few suggestions:
- Protect your devices with a next-gen endpoint protection product - Traditional endpoint protection products rely on outdated means of detection (like looking for specific signatures). Newer products like Blackberry Protect (formerly Cylance) uses machine learning and artificial intelligence to determine whether or not software that's trying to run on your machine is hazardous or not.
- Protect your email inbox - Where something like Blackberry Protect will safeguard your endpoint, applying services like those from Area1 or Cyren can protect your email inbox as well. Emails containing malicious links are a primary cause of ransomware infection. Services like Area1 and Cyren scans your inbox for those nefarious links before someone can click on it and lets the user know not to, or stops them from doing so altogether.
- Cybersecurity awareness training - This should be a no brainer for people, but it's often overlooked almost entirely. Adequate security awareness training is often the first, and potentially the BEST line of defense a company has against a cyberattack. A well-educated workforce is more likely to notice something like a social engineering attack before it has a chance to harm your businesses. You, your coworkers, or employees have a much better chance at stopping a ransomware infestation if they know first hand what to look for.
Are you really at risk of paying a fine?
That's tough to say. OFAC means business. There's not much the Fed likes that roasting somebody over the coals for cold hard cash. The problem, usually, is they don't know where to look and almost rely on some sort of messed up "honor" system, like a company making public disclosure of an attack before they swoop in like a big vulture to pick over their bones.
I don't honestly know how they'd exactly figure out you've paid a fine to a cyberattacker, especially since most payments are made in Bitcoin (or some other cryptocurrency) and they've had a difficult time tracking those transactions and have yet to admit any cryptocurrency is a monetary unit.
Ultimately, it's better to be safe than sorry, and anytime you can avoid paying a ransom or a fine, you should probably do so.
It's also worth noting the brief doesn't indicate how much someone might have to pay if it's determined they're liable for violating any economic sanctions. Is it another toothless piece of legislation or legal flotsam? Could be. Is it worth not protecting your sensitive and valuable data? No.
Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.