Fines Are Coming to Organizations That Pay Off Ransomware Attackers
As COVID-19 forces businesses to rely on online systems to operate, ransomware attacks are on the rise. On October 1, the U.S. Department of Treasury issued an advisory statement to victims who attempt to make ransomware payments.
According to the Treasury, paying cybercriminals encourages future attacks and does not guarantee that the victim will regain access to stolen data. Therefore, victims who pay the ransom to get their data back could face significant fines from the Treasury’s Office of Foreign Assets Control (OFAC).
OFAC warned that consultants and insurers who assist organizations as intermediaries to help pay a ransom could also be fined. Under the authority of the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA), U.S. persons are prohibited from engaging in transactions, directly or indirectly, with individuals or entities on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List).
What to Do If You’re Attacked
OFAC encourages organizations to evaluate their compliance programs and policies to decrease the chance of sanctions-related violations. If a company is attacked, OFAC considers their self-initiated, timely, and complete report of the attack to law enforcement to be a significant mitigating factor when determining appropriate fines and enforcement. Victims are asked to contact OFAC immediately following a ransomware attack.
- U.S. Department of the Treasury’s Office of Foreign Assets Control
- Sanctions Compliance and Evaluation Division: ofac_feedback@treasury.gov; (202) 622-2490 / (800) 540-6322
- Licensing Division: https://licensing.ofac.treas.gov/; (202) 622-2480
How Can I Protect My Business?
Typically, ransomware takes over a victim’s machine and demands money in exchange for access to stolen information. The best way to prevent ransomware attacks is to create offline data copies, known as air gap backups.
Yeo & Yeo Technology (YYTECH) can help develop and implement cybersecurity solutions for your organization. Their team of industry-certified engineers and technicians can optimize your IT infrastructure, creating layers of protection against hackers.
Learn more about how YYTECH network management can keep your data safe.