If you get hit with a ransomware attack, do NOT pay the ransom! The US Treasury department says it is now ILLEGAL to pay the ransom and companies will be prosecuted! This brings a whole new caveat to “what should you do if you are attacked”.
Do NOT Pay The Ransom!
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that paying ransom to cybercriminals is now illegal. In an official advisory, the agency stated that organizations that facilitate ransomware payments to hackers on behalf of ransomware victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, are violating OFAC regulations.
“Ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber actors to engage in future attacks,” OFAC said.
“OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC,” OFAC added.
The agency also highlighted that ransomware attacks have become more sophisticated and costly, with a 37% annual increase in reported ransomware cases and a 147% annual increase in associated losses from 2018 to 2019. Not only popular/large organizations, cybercriminals targeted numerous small- and medium-sized corporations.
Ransom Demand Increase by 100%
A report published by Coalition, a provider of cyber insurance services in North America, revealed that ransomware incidents accounted to 41% of cyber insurance claims filed in the first six months of 2020. The report “H1 2020 Cyber Insurance Claims Report” highlighted that the average ransomware demand increased by 100% from 2019 through 2020. Several organizations stated that ransomware attacks are the most prevalent and destructive cyberthreats. The severity of ransomware attacks increased by 47%, with a 100% spike from 2019 to Q1 2020. New and malicious strains of ransomware variants such as Maze and DoppelPaymer are leveraged to demand heavy ransom and expose organizational data. An average Maze demand is six times larger than the overall average ransom demand, the report stated.