
Pressure from ransomware sanctions leaves scant options for companies scrambling to resolve a cyber-attack crisis

Organizations under attack grapple with the trade-off between halted functions and secured data, as federal overseers stand poised to intervene. The road to resolution and restoration is seldom smooth.


In the digital age, ransomware attacks have become a significant threat to businesses and governments worldwide. These cyberattacks, which lock a victim's files and demand a ransom to restore access, accounted for 43% of losses by number of claims, according to recent data.

The Treasury and Justice Departments impose compliance obligations on all parties involved, including ransom negotiators. The Office of Foreign Assets Control (OFAC) treats violations as strict liability offenses, meaning even mistakes can result in a fine or penalty. This has raised eyebrows, as the advisory put cybersecurity and financial services firms "on notice" and made it an enforcement priority.

The ever-evolving sophistication of ransomware has led to a newfound niche service: ransomware-specific firms. Companies are turning to these services to navigate the complex landscape of ransomware attacks. However, the Treasury Department has added sanctions to the risk calculus of paying a ransom, and that risk extends to cyber insurers and digital forensics and incident response organisations.

Third parties, for the most part, are better at piecing together attribution than the victimized organisation. This is because they have more resources and expertise to trace the origin of the attack. The FBI is very unlikely to approve of payment to an SDN-listed party, but there might be exceptions if paying a ransom could prevent future attacks. Some attackers may hide their origin further by using privacy coins, such as Monero or Zcash, instead of Bitcoin.

The WastedLocker ransomware attack against Garmin this summer involved ransom negotiators Arete IR, who reportedly paid the attackers. The attackers are said to be linked to Russia-based Evil Corp, one of the sanctioned threat groups on the Specially Designated Nationals and Blocked Persons (SDN) list.

The average number of cyber-related insurance claims increased from 119 claims per quarter in 2018 to 257 claims per quarter in 2020. It is not the job of an insurance provider to encourage an organization to pay the extortion after a ransomware attack, but to provide guidance and a monetary cushion if the ransom is paid.

Ransomware commercialization and franchise models are causing more attacks, with ransomware costing organisations $6.3 billion or more in ransom demands in 2019. ID Ransomware collected upwards of 100,000 ransomware reports targeting public and private sector organisations, with more than 11,600 connected to threat groups known for data exfiltration.

Business interruption (BI) accounts for the largest chunk of ransomware-related costs, with the BI proportion of the loss being four to five times greater than the demand. Companies within financial services handling cryptocurrency are required to report suspicious activity under the Bank Secrecy Act.

The FBI particularly likes to track ransomware situations, and early involvement of law enforcement helps enforcement agencies improve their understanding and mitigation calculus. More experienced threat groups are more likely to "make good on the promise to release a clean decrypting code," while less sophisticated actors don't care. Ransomware gangs targeting municipalities, school districts, or local hospitals are feeding on entities that likely don't have sanctions compliance programs, because they don't need them and don't have the resources for them.

In conclusion, ransomware attacks pose a significant threat to businesses and governments, with the Treasury and Justice Departments imposing compliance obligations on all parties involved. The rise of ransomware-specific firms, the increasing number of insurance claims, and the growing costs of ransom demands highlight the need for improved cybersecurity measures and vigilance against these threats. Early involvement of law enforcement can also help in understanding and mitigating the risks posed by ransomware attacks.
