New Ransomware Laws: United States Government Ransomware Payment Sanctions and How to Protect Your Business

By Mark Chinsky

Ransomware attacks are on the rise. Companies are more vulnerable today than they were a few years ago, and the government has responded with additional guidelines to help victims deal with the fallout.  

If you are responsible for a company’s cybersecurity or have been a victim of a ransomware attack, it’s crucial that you understand the government guidelines for your situation. Otherwise, you could face fines or even prison time for violating U.S. law regarding international malicious cyber actors.  

Read on to find out what ransomware is, the government’s recently issued advisory about it, and what you can do to protect your assets from a potential attack.  

What is Ransomware? 

Ransomware is one of the most serious forms of cyberattacks. Essentially, ransomware is a type of malware that encrypts files and data, blocking the rightful owners from having access. Once access to the data is blocked, the perpetrators typically demand a ransom from the targeted organization in return for access to the data.  

In some cases, ransomware culprits will threaten to release sensitive or classified data instead of simply denying access.  

Depending on the size and scope of the attack, perpetrators may demand a huge sum of money or an exchange of resources from the victims. Typically, sums must be paid in Bitcoin, which is virtually untraceable and the preferred currency of cyberattackers.  

There are a few ways ransomware can gain access to a computer or computer system. One of the most common methods is what is known as phishing spam, where you receive an email or message with an attached file that seems safe to open. Cybercriminals program the file with malware designed to penetrate and access the computer’s hardware and user data.  

Phishing requires victim cooperation, meaning the victim must unwittingly give the attackers access to their system. However, there are more aggressive methods to conduct a ransomware attack, where perpetrators actively find weaknesses in cybersecurity and exploit them for access. Some prime examples of this are known as Petya and NotPetya.  

While Petya’s purpose is to make a few fast Bitcoins from individuals and smaller companies, NotPetya is much more malicious. The U.S. government recognized NotPetya as related to state-sanctioned cyberattacks, chiefly from Russia. NotPetya is a much more invasive program that can infect many computers and computer systems, potentially crippling entire industries and infrastructure if not addressed correctly.  

Why Are Ransomware Attacks Increasing? 

Ransomware, among other malicious cyberattacks, has exhibited a dramatic rise over the last year. The global coronavirus pandemic is one of the main reasons for this.

Due to lockdowns and quarantines, businesses, organizations, and individuals rely increasingly on electronic data transmission and storage to continue running their businesses. However, this makes company data much more vulnerable to a ransomware attack.  

Malicious cyber actors have taken advantage of this shift from in-person to online business dealings. They can identify what programs companies use to store and transmit their data and search for any weaknesses in the computer system’s defenses.  

During the pandemic, companies are much more desperate to resolve potential ransomware incidents as soon as possible. Otherwise, their organization might be crippled after not being able to access their data in time to continue conducting their business.  

However, even before the pandemic, ransomware attacks were growing in prevalence and severity. According to the 2018 and 2019 annual crime reports by the Federal Bureau of Investigation (FBI), there was a 37% increase each year in ransomware attacks and a 147% growth in losses.

Now more than ever, it’s extremely important to be aware of the risk that phishing poses to your cybersecurity and initiate state-of-the-art cyber defenses to prevent such attacks from occurring.  

What Are OFAC Advisories on Ransomware? 

The Office of Foreign Assets Control (OFAC) issued an advisory on October 1st, 2020, that outlined new government policies regarding ransomware attacks on U.S. companies and citizens.  

You might think that this is directed towards how companies can protect their digital assets from potential ransomware attacks. While it does cover that, the advisory also outlines potential punishments for victims who engage in communication or an exchange with the attack perpetrators. 

The reasoning behind this is that when people give in to the demands of malicious cyber actors, cyberattacks are increasingly likely to occur. The regulations are closely in line with the government’s policy of not negotiating with terrorists in an attempt to prevent more attacks from happening.

How Does OFAC Designate Malicious Cyber Actors? 

Under its cyber-related sanctions and other U.S. government sanctions programs, OFAC has designated many different malicious cyber actors as threats to national security. Many perpetrators of ransomware attacks and the parties who fund such attacks are considered malicious cyber actors. 

For some background information, sanctions are penalties the U.S. government enacts against those found breaking international law. In general, they restrict the flow of money to and from sanctioned parties, as well as curb their ability to travel abroad freely.  

When the government designates a ransomware attacker as a malicious cyber actor, OFAC automatically sanctions them. Anyone caught dealing with the sanctioned party can be punished under U.S. federal law. Perpetrators are added to the Specially Designated Nationals and Blocked Persons List (SDN) to log them into a federally accessible database.  

For example, in May 2017, WannaCry 2.0 ransomware infected upwards of 300,000 computers across around 150 countries. Lazarus Group, a North Korean-sponsored cybercriminal organization, was linked to the attack. OFAC designated the Lazarus Group and two sub-organizations as malicious cyber actors to restrict their ability to operate any further.  

What Are the Implications of OFAC Advisories for Companies? 

When a ransomware attack occurs on your data, your knee-jerk reaction might be to hire a professional to get back access as soon as possible. However, this would not be a wise course of action. 

As mentioned earlier in the article, U.S. government sanctions prohibit contact or transactions with parties added to the SDN sanction list. As is the case with many ransomware attacks, the perpetrators may be on the SDN List or linked to other parties included on it.

If you were to pay the ransom, the government can fine you as an individual or your company for violating U.S. government ransomware laws. Likewise, if you facilitate a transaction between a victim and a perpetrator of a ransomware attack, you can be similarly punished by the government, even if a company hired you to do so.

It’s worthwhile to note that even if you pay the ransomware attacker what they ask, there is no guarantee you will actually gain back access to your data or have sensitive information returned. Relying on a cybercriminal’s word is unwise, and they may take the opportunity to gouge you for more than they initially asked.  

What Should You Do If You Are a Victim of a Ransomware Attack? 

If you or your company are the victims of a ransomware attack, the first thing you should do is contact the relevant government agency. In most cases, OFAC is the right agency to contact first. If you believe the perpetrator of the ransomware attack is part of a sanctions nexus, a network of parties affiliated with individuals or organizations on the SDN List, it is even more important to contact the government first.  

OFAC or another government agency can help you coordinate resources to get your data back safely. While they never advocate negotiating with cybercriminals, the government will have tools and skilled professionals that can help you get through the situation intact. 

However, the government is not always up to the task, and it isn’t usually there to help you prevent an attack from occurring.  

How Can Hybrid Cloud Disaster Recovery Help? 

The best way to prevent the fallout of a ransomware attack, and avoid violating ransomware laws in the process, is by implementing a Hybrid Cloud Disaster Recovery protocol on your systems.  

Hybrid cloud solutions combine private and public cloud deployment models to help you back up and recover your sensitive data. Considering 93% of companies that don’t have access to their data center for 10 or more days file for bankruptcy within one year of the event, you need to have a ransomware prevention plan.  

There are five main benefits that a Hybrid Cloud Disaster Recovery solution can provide you: 

  1. Business Continuity
    If your company becomes the victim of a ransomware attack, especially during the pandemic, you must be able to continue conducting business as usual and accessing your data. Hybrid Cloud Disaster Recovery allows you to do just that.   
  2. Data Insurance
    With the EverSafe solution, Clients First creates a backup of all of your data at designated intervals, including anything and everything you wish to protect. This initial backup is stored online so that you can access it at any time.  

    Then, a backup of your backup is created and stored in an on-site server, safe from further cyberattack. This is not readily accessible without authorization to ensure the data’s continued safety. 
  3. Local Storage Flexibility
    Since there is no single storage site for your company’s data, you can use the nearly infinite cloud storage space to add and remove the files you need access to at any given time.
  4. Standards Compliance
    For many businesses in certain industries, data must be backed up and stored to remain compliant with government regulations. By opting for a hybrid cloud solution, you ensure your business remains compliant no matter what.  
  5. Cost
    While private clouds are expensive, hybrid clouds help keep costs low. The combination of online and offline storage reduces resource expenses that can add up in the long run.  

Arm Your Business Today

Download the latest State of Ransomware Report now to learn how this growing cybersecurity threat affects you and get practical solutions for protecting your business.

Contact Clients First to Learn More

In today’s uncertain times, you need to protect your business and data from a potential ransomware attack. The best way to do this is by enlisting Clients-First Business Solutions to develop a comprehensive data backup and recovery plan for all your information.  

Don’t wait until it’s too late. You are not allowed to interact with malicious cyber actors that the government has sanctioned. Request a quote or contact us today to find out exactly how we can help prevent an attack, recover from one, and avoid costly penalties from the Treasury Department. We’re ready and waiting to start your ransomware protection right now.   

Mark Chinsky

Partner, Clients First Business Solutions New Jersey

Mark Chinsky is a highly skilled and highly passionate ERP consultant and partner at Clients First. With over 30 years’ experience working with a wide range of ERP solutions, he’s on a mission to help businesses understand the software selection process and how ERP software can benefit them. If you’re looking for trustworthy and transparent content on software implementation, technology deployment strategy, and business process improvement for distribution, manufacturing, and professional services businesses, Mark is your guy.