Divisions of the US Treasury Department released an advisory in 2020 effectively implementing a ban on ransomware payments to groups under sanction by the American government. As quite a few of the gangs that specialize in this type of malware attack often act as nation-state hackers as well for their home countries, this order intends to severely cut down the possibility of supporting them. It also more strictly regulates the ability of certain cybersecurity firms to act as money handlers for payments to cybercriminals, which some had been doing discreetly while advertising other solutions.
Here are the top factors to know about the potential ransomware payment ban and how it can affect your business:
Specifics of the US Treasury Advisory
On October 1, 2020, the Treasury put out a press release announcing the advisories from two of its divisions that explain the details of the decision as well as the thinking behind it. The Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) each issued separate but similar statements (“Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments” and “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments,” respectively).
Within their acting powers given to their respective offices, both divisions made clear through their advisories that any transactions with a sanctioned party or parties could constitute a violation of US law. Various regulations come into play for this process, from data privacy reporting obligations to the act of facilitating a payment for a ransom, and finally the transactional contact with a party under US sanction. This is also why insurers and cybersecurity firms that end up handling money for or otherwise facilitate these payments are coming under extra scrutiny by the Treasury.
Ransomware Payment Ban Strategy Growing
This is not the first attempt to regulate these types of activities, with the NY State Senate trying to pass a bill earlier in 2020 that would effectively ban ransomware payments. However, this may be the beginning of a federal mandate explicitly prohibit ultimately contributing to cybercriminals that perpetuate this type of extortion. This method has evolved in recent years and even gangs that have historically relied on other techniques have increasingly migrated to encrypting files.
Nation-State Hackers and Cybercrime
Cybercriminal syndicates are active all around the world and have exhibited various levels of sophistication, but it is thought the most increasingly prolific are those based out of Russia. North Korea is another suspected culprit of employing nation-state hackers for collecting ransoms to achieve their objectives. Iran is not necessarily a repeat offender, but the SamSam ransomware which hit Newark in 2018 was traced by the FBI to two Tehran residents that primarily targeted the US and may well have acted for nationalistic reasons.
Cybersecurity Services Paying Off Ransoms
A new internal industry has emerged within cybersecurity where certain firms will handle the negotiation and payment for ransomware, or pretend not to and do it at inflated price. However, the US Treasury has made clear that now any party that does so must be registered for the service, which adds reporting and visibility requirements that could transform how this sector operates. Previously, cyber insurance companies were more likely to prompt their clients to just pay the ransom – now that such action is under the regulatory microscope, this may change.
The Safest Solution is to Backup Data
To clarify, this advisory does not perpetually ban ransomware payments, but what it does do is create huge risk for working with a party who may or not be under sanction and open you up to huge noncompliance fees. The safest solution for fighting against hackers is still to do everything in your power to prevent a breach, and backup your data regularly for if and when the worst scenario occurs. Only a sophisticated, frequent business continuity solution can protect you from being at the mercy of cybercriminals and limit the damage done by a malware infection.
Backing up Data Ensures Business Continuity Against Ransomware
SWK Technologies has firsthand experience with enabling businesses to restore their system and recover their data completely after a disaster. We will be able to help you find the right business continuity solution that works with your current software, ensure that it is consistently up to date and aid you in migrating recovered files back into your database to restore your network uptime.
Download our ebook here to discover more about ransomware and how to protect your business by backing up your data.
