Blog

Paying a Ransom Demand Could Get Even More Expensive

Paying a Ransom Demand Could Get Even More Expensive

When it comes to ransomware, we have always stood firm in our recommendation not to pay whoever is responsible for locking down your systems. However, due to the globalized nature of technology and cybercrime, it is even more important that companies don’t attempt to placate their attackers with the demanded funds. Otherwise, warns the United States Treasury Department, these victimized businesses could very well pay severe fines for doing so.

What are the Costs of Ransomware?

Here’s the situation: in today’s increasingly connected world, cybercriminal activities can be conducted from essentially anywhere and target essentially anyone. It isn’t like the old-fashioned stick-‘em-up robbery, where the criminal had to be present to commit the crime. Now, someone in Portugal could presumably rob the Federal Credit Union of Poughkeepsie without getting up out of their poltrona.

One particularly effective tool that many cybercriminals will now use to do so is ransomware—a malware that encrypts a system and renders it effectively useless, only offering the user the means to pay the criminal responsible some fee in exchange for resumed access to their resources. Whether the cybercriminal holds up their end of the bargain is another, highly unlikely story.

As we’ve said, we recommend that you never pay these attackers… but we do understand why you may feel that is your best option. After all, it seems like the fastest way out of a bad situation and when your business is hemorrhaging money due to downtime, you’re going to want to fix the situation as quickly as possible. This is precisely what the cybercriminals are counting on.

Despite this, it really is a bad practice to pay for resumed access to your data for a number of reasons, not the least of which being the fact that you’ve no guarantee that your data will actually be returned and that the money you send will only fuel more attacks.

However, that’s just the start of your problems, should you elect to pay up.

Uncle Sam Wants to Dissuade Businesses with Different Tactics

To try and discourage ransom payments, the Treasury Department is doubling down on the advice that the Federal Bureau of Investigation has been giving for years. Rather than simply discouraging businesses from paying, the Treasury Department has warned that the federal government could severely fine the businesses that pay out these ransoms for violating terms laid out by the Treasury’s Office of Foreign Assets Control.

In their Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, OFAC outlines how many cybercriminal groups—including the North Korean Lazarus Group, the Russian cybercriminal syndicate Evil Corp, and individuals tied to SamSam and Cryptolocker—operate out of regions that are already subject to economic sanctions, or have had sanctions levied against them. These sanctions make it a crime to make any transactions with them…including ransomware payments.

After all, once that ransom is paid over, who's to say that the money doesn’t wind up in the hands of some entity that poses a direct threat to security?

Unless given a special license by the Treasury, a business that facilitates ransomware by paying up could not only see losses in the amount of the exorbitant ransom demands, but also in the fines that could be levied up to millions of dollars.

Technically speaking, this advisory isn’t an outright ban on ransomware payments, per se. Instead, companies are encouraged to contact law enforcement to obtain clearance to pay the ransomware or to try to obtain an OFAC license to do so. However, these requests are more than likely to be denied.

There is also no telling how much these policies will be enforced, but it is almost certainly wiser to take them at face value and act accordingly.

Impact on the Insurance Industry

Adding to the complexity of the situation, this advisory flies directly counter to the advice that many insurance companies give their customers, as their advice is often to pay the ransom. The theory is that paying the ransom would ultimately be less expensive than recovering from a backup and undergoing the associated downtime—but ultimately adding to the growing ransomware problem.

These sanctions would effectively make it impossible for insurance companies to cover the costs that their policies guarantee, and it isn’t as though these companies will act in a way that violates these mandates.

Therefore, cyberinsurance policies will likely no longer include ransomware coverage. This may result in many businesses second-guessing if investing in insurance is worth the cost.

Regardless, for companies to protect themselves from the threat of ransomware, there needs to be a greater awareness of how to avoid the risks and the importance of doing so. This is especially the case right now as so many people are working remotely.

Ransomware attacks are commonly spread via phishing messages, often packaged in attachments or through disguised download links. Make sure your team members are all aware of this threat, and how they can better spot a phishing email as it comes in.

For more information on how to do so, and other security best practices and solutions, turn to us at White Mountain IT Services. As a managed service provider, our mission is to help your business manage its information technology so that you can remain productive—which includes protecting it as best we can from a variety of threats. Learn more by giving us a call at 603-889-0800.

Related Posts

Keeping your network and infrastructure free from threats is always a priority, but with so many people working remotely, businesses have encountered problems doing so. In fact, hackers and scammers have come out of the woodwork to try and gain entry...
Business relationships, especially between you and a service provider or you and a coworker, are crucial to a business’ success. However, maintaining these relationships can be challenging when there’s a good chance that your actions might create mor...
As a communication tool, the video conferencing app Zoom saw a considerable bump in its popularity with both personal and business users as the coronavirus pandemic made other means of meeting no longer viable. However, this sudden increase in its us...
Having success in business often relies on developing trustworthy relationships. You have to trust your vendors and suppliers to get you the resources you need, you need to trust your staff to complete their tasks without putting your business in har...
Smart assistants commonly appear in the office and home, so much so that the novelty seems to have finally worn off and they are now just another appliance—and, like any other appliance, there are a few quirks that can be frustrating to deal with. Fo...
While it may sound strange coming from a managed service provider, there is some wisdom to the adage, “if it ain’t broke, don’t fix it.” We know, we know… it sounds a little hypocritical for us to say something like this, when we spend so much time t...
Security is a major part of any business, and if there isn’t a diligent approach to the implementation of it, you can be left with huge holes in your network. This month, we thought we would discuss some of the best practices you can take to make sur...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an emergency directive concerning a critical exploit known as Zerologon, that affects servers running Windows Server operating systems that needs to get patched as soon as possi...
When we think of cybercrime, most people’s minds go to one of two places. On the one hand, some think about the annoying, misspelled emails that are so obviously scams, while on the other, we can’t help but think about the hacks that we see in movies...
If you’ve been reading this blog for any length of time, you’ve seen us reference a phishing attack. Whether you are being asked by some supposed Nigerian prince to fork over money or you are getting an email by what seems to be your bank that direct...
When people talk about cybersecurity nowadays, there certainly seems to be a lot of emphasis put on phishing attacks and ransomware. This is for good reason. Not only can either of these attack vectors create significant difficulties for a business, ...
Telework has become crucial for businesses to sustain themselves right now, as remote work became a hard and fast requirement in the face of the coronavirus. However, if businesses aren’t careful, they could trade one issue for another in exposing th...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our office in NH.  For locations outside of our service area, we will manage a local vendor to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

White Mountain IT Services
33 Main Street, Suite 302
Nashua, New Hampshire 03064

 

603-889-0800

map nashua4 1

 

Open Positions