Paying Ransom to Unlock Data is Now Illegal

In an advisory released on October 1st, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) stated that companies that facilitate ransomware payments to actors on behalf of victims risk violating OFAC regulations. “Facilitating a ransomware payment that is demanded as a result of malicious cyber activities may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims,” OFAC states. “Ransomware payments may also embolden cyber actors to engage in future attacks. In addition, paying a ransom to cyber actors does not guarantee that the victim will regain access to its stolen data.”

Ransomware attacks continue to increase. As the advisory puts it: “Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that US persons rely on to continue conducting business. In recent years, ransomware attacks have become more focused, sophisticated, costly, and numerous. While ransomware attacks are carried out against large corporations, many ransomware attacks also target small and medium sized businesses, local government agencies, hospitals, and school districts, which may be more vulnerable as they may have fewer resources to invest in cyber protection.”

So, what happens if you get ransomware and all your data is encrypted? How do you get it back if you can no longer pay the ransom? That is where your backups come in. It is incredibly important, now more than ever, that you have a reliable, tested, secure backup & recovery system in place. Let’s go over that again – your backup & recovery system needs to be: reliable, tested, AND SECURE. Your backup is of no use if the ransomware can encrypt it as well.

Need help making sure you have the right systems in place? We’re here to help!