The U.S. Department of the Treasury issued a warning to companies that help make ransomware payments; you could face civil penalties.
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC (Office of Foreign Assets Control) regulations,” the Treasury Department said in its advisory.
The Treasury Department is seeking to crack down on ransom payments to hackers in known criminal groups.
The advisory could create another hurdle for organizations hit by a ransomware attack — figuring out if the U.S. has sanctioned the attackers.
According to the Treasury Department, companies that notify law enforcement of ransomware attacks may decrease their risk of a penalty if they end up paying a sanctioned entity.
Ransomware’s Growing Crisis
Ransomware is a type of malicious software that encrypts a victim’s files. The attacker then demands a payment to restore access.
According to the FBI, reported ransomware cases jumped 37% from 2018 to 2019.
The average ransomware demand has increased significantly as well. It now stands between $150,000 and $250,000, with multi-million dollar demands becoming increasingly common, according to cybersecurity company Emsisoft.
The highest ransomware demand publicly reported is $42 million.
The stakes are getting higher as there is a reported ransomware-related fatality in Germany.
Some people believe more drastic action is needed to curb ransomware.
In a blog post, Emsisoft called for governments to ban ransomware payments. The cybersecurity firm believes an outright ban is the only practical solution to turn ransomware unprofitable.
“Making ransomware attacks unprofitable is the only way to stop them. If it was illegal to pay ransom demands, ransomware would cease to be and our public and private sector organizations would no longer be under constant attack. Hospitals would be safe, and lives would not be at risk,” the firm wrote.
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.