Three seconds. That is how long it takes for ransomware to start encrypting the files on your PC or network. This split second can cause an immediate impact on your business, which can cause days, months or even up to a year of recovery.
With ransomware attacks in the United States alone costing businesses over $7.5 billion in 2019 and with 62% of businesses reporting having dealt with an attack as of April 2020, it is no wonder the U.S Department of the Treasury is making it illegal for victims to continue pay ransoms to regain access to their data. Not only are they making it illegal, but your organization could face up to $20 million in fines for paying the ransom. This is one way to address the increase of attacks, but will this completely stop these costly issues? Here’s what we know.
Paying Up Adds To The Problem
It used to be that if your business was hit by a ransomware attack, then you would pay thousands to millions of dollars to the hacker to gain back access to your data. This cost, and still costs, companies investment dollars that could have gone elsewhere in their business.
This is the biggest reason why ransomware attacks have gotten so frequent. Who wouldn’t want a payday every day? With financial losses from cybercrimes skyrocketing in recent years, the U.S. The Department of the Treasury has imposed economic sanctions on multiple cybercriminals and groups, including freezing all property and financial interests.
But who are these so-called criminals? Many of them are based in Russia or elsewhere in Eastern Europe. Some of these sanctions have been involved with ransomware and malware attacks tied to North Korean Lazarus Group; Evgeniy Bogachev, the developer of Cryptolocker and the Evil Corp, which extracted more than $100 million from victims’ businesses. The recent ransomware attacks “WannaCry” and “NotPetya” were traced to foreign governments with political motivations. When companies pay criminals after being hit by ransomware, they’re only helping bankroll further attacks.
Involvement of Law Enforcement
Insurance providers are another reason why companies pay ransomware attackers. According to KrebsonSecurity, “These providers help facilitate the payments because the amount demanded ends up being less than what the insurer could potentially have to pay to cover the cost of the affected business being sidelined for days or weeks at a time.”
Identifying the perpetrators of ransomware attacks is no easy job. For one, many hackers operate in countries that don’t extradite people to the U.S. Next, many of these hackers use software such as proxy servers to hide their identity. Finally, organizations do not like talking about the details of their breach, but it’s extremely helpful for these businesses to share what they have learned about what happened since cybercriminals tend to follow similar blueprints.
But the Treasury’s Office of Forgin Assets Control (OFAC) is now putting its foot down. The office recently stated that government agencies could impose fines up to $20 million on organizations that end up paying a ransom to get their data back. This fine does not just apply to the actual victims but also consultants and insurers.
This warning is nothing new. According to Fabian Wosar, chief technology officer at computer security firm Emsisoft, “Companies that help ransomware victims negotiate lower payments and facilitate the financial exchange are already aware of the legal risks from OFAC violations and will generally refuse clients who get hit by certain ransomware strains.” So do you still pay and take the fine or do you take the risk of losing all of your data?
To Pay or Not To Pay
When hit by a ransomware attack, to pay or to refuse is probably the biggest question. You have to weigh the benefits and risks of paying while also considering how fast you need to get your network back up and running. For example, If a hospital is hit by a ransomware attack, getting its computer systems working again would be a life or death situation. A corporate business would have more time to get its network working again.
But even if you pay up, you are still at risk. Although hackers usually release all your data back after they receive the payment, you still might not get your data back due to these reasons:
- The decryption system may fail
- Hackers might demand extra money
- They could target you again
- Your computer could remain infected even after payments
Hackers know how to play the game, including typically targeting the same people or businesses multiple times. If you pay the ransom, then they could hack your data again and demand more money. No matter if your company makes the ransom payments, these transactions encourage attackers to continue their activity, increasing cyber hacks.
MDL Technology Is Here To Help
With more and more breaches each day, ransomware attacks are only going to get more sophisticated. With the recent news regarding the OFAC making it illegal to pay ransom, having your C-levels take a close look at this advisory is a must in order to ensure the right policies are in place. Nearly three-fourths of organizations targeted by ransomware attacks do not have security in place. Establishing and maintaining offline backups, employing multifactor authentication and implementing a strategy to prevent unauthorized data theft are just three ways your company can take to help mitigate risks and minimize security damage.
Your company’s security is our top priority. We offer services such as 24/7 support, network monitoring, offsite data backups, auditing and compliance and more to help ensure that you don’t need to stress about your team’s private information becoming public.
Learn more about the services we offer by visiting our website.