A big ransomware game changer came down the pipe on October 1st, from the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) as they issued a Ransomware Advisory alerting companies of potential sanctions risks for facilitating ransomware payments. This has the huge potential of taking away many companies’ “solution of last resort” when it comes to dealing with a ransomware attack on their organizational network infrastructure and proprietary data. Granted, in theory, stopping the ability for companies to pay malicious cyber actors who carry out ransomware attacks, SHOULD have the effect of reducing the monetary allure for carrying out the attacks. However, by taking away the ability to pay ransom, in the short term at least, this will definitely affect a lot of businesses; many of whom could be forced to cease operations should access to their systems and data be unrecoverable through means other than paying the ransom.
According to the Ransomware Advisory, “OFAC has imposed, and will continue to impose, sanctions on these actors and others who materially assist, sponsor, or provide financial material, or technological support for these activities.” What this new advisory brings to the forefront is that now, facilitating ransomware payments on behalf of a victim may also violate OFAC regulations and be subject to sanctions. The OFAC has designated a list of malicious cyber actors under its cyber-related sanctions program and other sanctions programs, including perpetrators of ransomware attacks and those who facilitate ransomware transactions, with whom sanctions would apply to ANY organizations who deal with them. Many of those on the list are well-known cybercriminal organizations who have been responsible for the majority of ransomware attacks. These include: Cryptolocker developer Evgeniy Mikhailovich Bogachev, WannaCry developer Lazarus Group, Russia-based Evil Corp (responsible for the Dridex malware and others), just to name a few.
As we alluded to a little while back, large organizations are becoming favourite targets of ransomware attacks. For one, they often have deep pockets and enough resources to actually pay the ransom in order to get their systems and data back. They are also the organizations that often have the most to lose if their systems go down. A case in point is the recent attack on Garmin, which had a massive effect on global positioning services. Although Garmin was able to get their systems and services back online in somewhat short order, there is speculation that they actually caved in and paid the ransom demanded in order to facilitate this. There is also speculation that they may face sanctions as a result of doing so!!
So, with this recent advisory, hopefully things may turn things around in the war against ransomware. Unfortunately, the victims of the attacks are going to be greatly affected as paying a ransom is no longer on the table. By paying the ransom, they face potential sanctions from the OFAC; basically a triple whammy of you’re “damned if you do and damned if you don’t” because if you don’t, you lose your systems and data but if you do, you pay the ransom AND also now a fine.
In the meantime, the best defence against ransomware has always been prevention, not the current approach of detect and remediate, where you have a patient zero who could be the catalyst for a ransomware attack. Refer back to our blog here. Wedge’s Absolute Real-time Protection (WedgeARP) platform has been proven to be one of the most highly effective solutions against ransomware by offering real-time threat prevention. By detecting and BLOCKING ransomware attacks BEFORE they have a chance to access a network and do harm, organizations are spared the costly remediation efforts, and now, potential sanctions when dealing with a successful attack. By utilizing patented Deep Content Inspection techniques, along with orchestrated threat management with multiple layers of protection – INCLUDING AI deep learning / machine learning based threat detection – WedgeARP can SEE the intent of content and is able to detect and block ALL malware (known, customized and never-before-seen), all in real-time. If your organization is concerned about the effects a ransomware attack could have on its systems and operations as well as the financial impact and potential government sanctions it could face, maybe it’s time to think about adding real-time threat prevention as part of its arsenal. Contact our team at: info@wedgenetworks.com to learn more.
