A big ransomware game changer came down the pipe on October 1st, when the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a Ransomware Advisory alerting companies to the potential sanctions risks of facilitating ransomware payments. This has huge potential to take away many companies’ “solution of last resort” when it comes to dealing with a ransomware attack on their organizational network infrastructure and proprietary data. Granted, in theory, stopping companies from paying the malicious cyber actors who carry out ransomware attacks SHOULD have the effect of reducing the monetary allure of carrying out the attacks. However, in the short term at least, taking away the ability to pay ransom will definitely affect a lot of businesses, many of which could be forced to cease operations should their systems and data be unrecoverable through means other than paying the ransom.
According to the Ransomware Advisory, “OFAC has imposed, and will continue to impose, sanctions on these actors and others who materially assist, sponsor, or provide financial, material, or technological support for these activities.” What this new advisory brings to the forefront is that facilitating ransomware payments on behalf of a victim may also violate OFAC regulations and be subject to sanctions. OFAC has designated a list of malicious cyber actors under its cyber-related sanctions program and other sanctions programs, including perpetrators of ransomware attacks and those who facilitate ransomware transactions; sanctions would apply to ANY organization that deals with them. Many of those on the list are well-known cybercriminal organizations who have been responsible for the majority of ransomware attacks. These include Cryptolocker developer Evgeniy Mikhailovich Bogachev, WannaCry developer Lazarus Group, and Russia-based Evil Corp (responsible for the Dridex malware and others), just to name a few.
As we alluded to a little while back, large organizations are becoming favourite targets of ransomware attacks. For one, they often have deep pockets and enough resources to actually pay the ransom in order to get their systems and data back. They are also the organizations that often have the most to lose if their systems go down. A case in point is the recent attack on Garmin, which had a massive effect on global positioning services. Although Garmin was able to get their systems and services back online in somewhat short order, there is speculation that they actually caved in and paid the ransom demanded in order to facilitate this. There is also speculation that they may face sanctions as a result of doing so!!
So, with this recent advisory, hopefully things may turn around in the war against ransomware. Unfortunately, the victims of the attacks are going to be greatly affected, as paying a ransom is no longer on the table. By paying the ransom, they face potential sanctions from OFAC; basically a triple whammy of “you’re damned if you do and damned if you don’t”, because if you don’t, you lose your systems and data, but if you do, you pay the ransom AND now also a fine.
In the meantime, the best defence against ransomware has always been prevention, not the current approach of detect and remediate, where you have a patient zero who could be the catalyst for a ransomware attack. Refer back to our blog here. Wedge’s Absolute Real-time Protection (WedgeARP) platform has been proven to be one of the most highly effective solutions against ransomware by offering real-time threat prevention. By detecting and BLOCKING ransomware attacks BEFORE they have a chance to access a network and do harm, organizations are spared the costly remediation efforts and, now, the potential sanctions that come with dealing with a successful attack. By utilizing patented Deep Content Inspection techniques, along with orchestrated threat management with multiple layers of protection – INCLUDING AI deep learning / machine learning based threat detection – WedgeARP can SEE the intent of content and is able to detect and block ALL malware (known, customized and never-before-seen), all in real-time. If your organization is concerned about the effects a ransomware attack could have on its systems and operations, as well as the financial impact and potential government sanctions it could face, maybe it’s time to think about adding real-time threat prevention to its arsenal. Contact our team at info@wedgenetworks.com to learn more.