• Register

Data Net Blog

Ransomware is Now Even Less Affordable to Consider Paying

Ransomware is Now Even Less Affordable to Consider Paying

We haven’t exactly been shy about sharing our recommendation that a ransomware demand should never be met with payment, but there is now an even more impactful reason not to. This deterrent comes courtesy of the United States Treasury Department, which has released a statement informing businesses of potential fines as retribution for doing so.

Let’s review how ransomware can be so costly, and what costs these fines could add to it.

The Costs of Ransomware

Thanks to how connected the world is today, criminal activity has a much longer reach than it ever has. Just compare the old stagecoach robberies of the Old West, where bandits literally had to run down their targets on horseback, to the cybercrimes that are committed today. Nowadays, cybercrimes can easily strike the businesses and residents of Chicago while—somewhere in Romania—the perpetrator lounges on their canapea.

To accomplish this, many cybercriminals have turned to using ransomware. Ransomware is a variety of malware that encrypts a targeted system, effectively rendering it useless until a handsome ransom is paid for the release of the locked-down data and resources. Unfortunately, there is no guarantee that the cybercriminal won’t just take the money and leave the system as is. This outcome is just as common as one might assume.

Hence, our advice that one should never pay the ransom that these cybercriminals demand. While we completely understand that it may seem to be the quickest way to restore your data and resume your operations (and for many, quite possibly the only hope they have of doing so), this is precisely the thought that the cybercriminals want you to have in mind.

Therefore, paying for your access to your data to be restored simply isn’t an advisable strategy, if for no other reason than the very real risk that your data won’t be returned to you even if you do pay. Furthermore, any money you give the attacker will likely just help them finance more attacks.

However, with the Treasury Department’s statement, these issues become just the start of your problems if you do choose to pay the ransom.

What the Treasury Department Has Done

Rather than simply advising businesses not to pay, the Treasury Department is implementing more punitive measures. Now, the Treasury Department warns, the federal government could levy some significant fines against businesses for paying these ransoms, as doing so could very well violate terms that the Treasury’s Office of Foreign Assets Control (OFAC) has established.

OFAC released an Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, wherein it was outlined how many cybercriminal groups (including the Lazarus Group out of North Korea, the Evil Corp syndicate from Russia, and numerous individuals tied to SamSam and Cryptolocker) primarily operate out of regions that are subject to economic sanctions. As a result, any transactions made with these groups are themselves a crime, including any ransomware payments.

After all, it is entirely possible that these payments could wind up assisting some other direct threat to national security. Therefore, unless given special dispensation from the Treasury, a business that pays up a ransomware demand could very well have millions of dollars in fines to pay to Uncle Sam after the fact.

For some clarification, this advisory doesn’t technically ban ransomware payments carte blanche. Rather, it is meant to encourage companies impacted by ransomware to either reach out to law enforcement to gain clearance or to obtain a license from OFAC before handing over any funds. It is important to acknowledge, however, that these permissions aren’t likely to be granted.

Of course, we have no way of knowing how strictly these policies will be enforced, but being safe rather than being sorry is a good policy in these circumstances.

How This Policy Impacts the Insurance Industry

Making a complicated situation even more complex, OFAC’s advisory is completely at odds with the advice that many insurance companies give their policyholder clients to just pay the ransom and make a claim for the losses. The idea behind this is that just paying the ransom would be less costly than dealing with the expense and downtime that recovering from a backup would hold… but at the same time, this course of action doesn’t exactly discourage cybercriminals from leveraging ransomware in their attacks.

With these sanctions in place, insurance companies would no longer be able to provide such policies, as the costs of doing so would be prohibitive—even if providers were to condone paying these ransoms. As a result, it is possible that cyber insurance policies may eventually stop covering ransomware, which in turn may lead to many businesses reconsidering their investment into such policies.

With these circumstances, it is even more important that businesses can protect themselves from ransomware, which means that there will need to be increased awareness into the risk factors that precede it. This is particularly true, given the recent upswing in the number of remote workers.

Make sure that your team knows how common it is for ransomware to be spread through phishing messages, disguised as attachments or links. This will help to keep them more aware of the risk and be more on their guard in case an attack comes their way.

For more information about ransomware and how to avoid it, or any other security concerns and the solutions that help address them, reach out to Data Net. Our team of experienced IT experts is here to lend a hand as you protect your business. Learn more about what we can do by calling (760) 466-1200.

Tip of the Week: Let Others Use Your Android Devic...
2020 Smartphone Flagships You Should Know


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, November 28, 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Tag Cloud

Tip of the Week Security Technology Best Practices Productivity Business Computing Network Security Data Efficiency IT Support Privacy Communication Smartphones Hackers User Tips Malware Microsoft Workplace Tips Google Small Business Hardware Email Users Cloud Innovation Software Mobile Device VoIp Communications Managed IT Services Mobile Devices Computer Business Cybersecurity Collaboration Tech Term Internet Android Ransomware Miscellaneous Hosted Solutions Business Management Outsourced IT Social Media Network Cloud Computing Managed Service Windows 10 Covid-19 Phishing IT Services Passwords Backup Browser Smartphone Information Saving Money Upgrade Remote Data recovery Gadgets Data Backup Holiday Apps Wi-Fi Facebook Applications Networking Wireless Internet of Things Bandwidth Windows Microsoft Office Office 365 Automation Employer-Employee Relationship Mobile Office Gmail Patch Management Marketing Save Money Quick Tips Access Control Chrome VPN Data Breach BDR Apple Managed IT services Remote Work Compliance Blockchain Business Intelligence Going Green Word Employee-Employer Relationship Laptop Conferencing Router Value Health Analytics Voice over Internet Protocol Managed IT Service Virtualization iPhone Healthcare Tech Terms Cost Management Net Neutrality Processor Education Content Filtering G Suite Remote Monitoring Computers Server Data Protection Data Security Virus How To Mobility Settings Bring Your Own Device Retail Telephony Twitter Batteries RAM Artificial Intelligence Cybercrime Telephone System Remote Monitoring and Management Password Physical Security Training Windows 7 Business Technology Medical IT Mobile Device Management Battery Excel Paperless Office Business Continuity Cortana Connectivity Payment Cards Company Culture Disaster Recovery Scam Wireless Charging Social Network Government Remote Computing Data Management Office Virtual Assistant Microsoft Office 365 Employees Distribution Law Enforcement Telecommuting Virtual Private Network Reviews Maintenance Plug-In Streaming Media Storage WhatsApp Current Events User Tip Spyware Innovations BYOD Safety Website Certification Sales Online Shopping Computer Repair Vulnerabilities Scams PCI DSS Troubleshooting Data loss Windows Server 2008 R2 IT PowerPoint Remote Workers Unified Communications Authentication Database News Solid State Drive Fleet Management Customer Relationship Management End of Support Internet Explorer Proactive IT Big Data Technology Tips Licensing Recycling Downloads Dark Web Network Attached Storage Environment Human Resources Information Technology Edge Wireless Internet Display Tablet IT Service Live Streaming Cryptocurrency Project Management WannaCry Regulations Compliance HP Update Spam Taskbar User Security Hosted Desktop Sports Reporting IT budget Comparison Authorization Hard Disk Drive Multi-Factor Authentication Workers Managed Service Provider Threat Tech Support WiFi Personal Information Mobile Trends Error e-waste Managed Services Provider Tip of the week YouTube Amazon Dongle Benchmarks Inventory Search HIPAA Meetings Hybrid Cloud Document Management Outlook Antivirus Remote Support Help Desk National Security Voice over IP Firewall E-Commerce Bitcoin Specifications Management Microsoft Teams Machine Learning Tactics Cleaning Video File Sharing Millennials Co-Managed IT Printing Backup and Disaster Recovery Alert Vulnerability Recovery A.I. disposal Electronic Health Records Vendor Tip of the Week/Security Security Cameras Risk Management Knowledge SaaS IT Management Mobile Security Time Management Insurance Hard Drive Printer Cables Profitability Staff Profiles Payment Lead Generation Remote Working Customer Service Holidays Humor Paper Hard Drives Virtual Reality Movies Touchscreen Server Management SharePoint Wearables GDPR Operating System Congratulations Chrome OS File Management Processors Encryption Digital Eliminating Downtime Websites Updates eCommerce Shadow IT instant Messaging Threats Managing Stress Telecommute Botnet OneNote Memes Ink SSD Travel Regulation Analysis Thank You Financial Printers

Latest News & Events

Please join us in congratulating Bill Vann on his promotion to Customer Success Manager....

Contact Us

Learn more about what Data Net can do for your business.

Call Us Today
Call us today
(760) 466-1200

5795 Kearny Villa Road
San Diego, California 92123