Ransomware Payments are Now Illegal: 5 Best Practices on How to Avoid Them
The Rise of Dark Markets
The interconnectivity of the World Wide Web has bountiful benefits, but the bright picture has a dark side. A criminal market has grown in which hackers infiltrate your network, encrypt your files, and demand a ransom if you ever want to see them again.
The software these criminals surreptitiously trick you into downloading is called “ransom malware”, or ransomware. It has proved so successful that an entire economy has grown up around it: hackers know how to price their ransoms based on your country, the wealth of your company, and similar factors, optimizing the likelihood that you pay, and pay quickly.
Why You Shouldn’t Pay Ransoms
Although most say they would never pay a ransom, in reality payments are quite common. Here’s why you should never pay.
The Philosophical Reason
Payment enables these criminals and emboldens them to carry on with their nefarious behavior. It is said that crime doesn’t pay; in this case, it’s up to you to make that a reality.
The Market Reason
Simple supply and demand dictates that if more people are willing to pay to get their data back, more hackers will be incentivized to enter the market, encrypting more files and creating more demand for their return.
If we all link arms and stop paying at the same time, demand will drop to zero and hackers will have no choice but to leave the market.
You May Not Get your Data Anyway
Experts estimate that you’ll get your data back 2 out of 3, or 3 out of 4, times (exact data on this is unreliable). Returning to market forces: hackers generally do want to come through and return the data, because that keeps their “product” trusted and continues to draw revenue.
But some hackers do just disappear after receiving their bitcoin payments, and sometimes they encrypt files with no way (or intention) to recover.
Some hackers have been known to leak sensitive data even if they receive payment.
You May get Attacked Again
If your firm is known to pay out, you will likely be targeted again. Of course, after a hack a firm will naturally beef up its security, but I wouldn’t want a target on my back, attracting hackers who constantly monitor my security, looking for weaknesses.
There are no scruples and no rules of engagement; there is no reason why the same hacker, who has seen the inside of your system, won’t attack you again.
The Government has Made it Illegal
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently released an advisory stating that paying ransoms is now illegal, and that you can face fines if you’ve made payments to sanctioned hackers.
Further, it makes clear that you will be liable even if you didn’t know the payment was illegal:
“OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC.”
Cost Benefit Analysis
Despite all of these compelling reasons, firms still decide to pay the ransom, especially if the price is low. For some firms the downtime, the PR disaster, or any of a myriad of other reasons makes payment more attractive than the risks above.
So the simple action point is: invest now, and lower the cost of NOT making a ransomware payment in the future.
How? Here are a few best practices to put yourself in a position where not paying will cost your firm less than the ransom itself.
- Thoroughly train your staff: prevention is key. Educate yourself, and train your team on what a phishing attack is (the most common attack) and on the myriad other ways hackers try to trick workers into giving them access to your network.
- Have a well-tested disaster recovery plan: you need an IT team with a specific protocol to activate in the event of an attack. Test it frequently, and, pro tip: PRINT the plan, because in an attack the recovery file itself may get encrypted and/or your printers may go down.
- Have an IT department back up data constantly, securely, and off site: this is one of the core functions of an IT department. Notice that the item above says “disaster” recovery plan, not “ransomware” recovery plan. Thorough backups insure against a range of disasters beyond ransomware attacks and are thus quite cost efficient. Let’s be clear: once your data is encrypted, the only way to get those files back is with the hackers’ decryption key. Hackers used to make mistakes in their encryption that let you feasibly recover files on your own, but these days, if you don’t pay the ransom, those files are gone. You need a reliable and frequent backup.
- If you’re attacked, don’t rush: carefully restore from a backup. Work too impulsively and you may find the hackers are still in your system; they have been known to encrypt the backup as well. An expert IT team will know how to make sure it’s safe to get back to work.
- Get an IT team that can see the early signs of a breach: attackers will “typically spend five to 20 days in a company’s systems before they launch the actual encryption”. An experienced team may be able to detect and prevent an attack before the encryption happens.
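As an added example (not from the original post or from WAMS Inc.), here is a Python check of the kind the "don't rush" restore step calls for: it compares each stored file against a hash manifest written at backup time and flags high-entropy contents, the signature of files that were encrypted after the backup was taken. The file names, contents and manifest below are constructed sample data; a real job would read them from the backup medium.

```python
import hashlib
import math
from collections import Counter

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: the files as found on the off-site backup medium.
# Two are intact; the third was overwritten and renamed by an intruder who
# reached the backup (its bytes are uniformly distributed, as ciphertext is).
BACKUP_FILES = {
    "ledger.csv": b"date,amount\n2020-01-01,100\n2020-01-02,250\n",
    "memo.txt": b"Quarterly planning notes. Nothing unusual to report.\n",
    "contract.docx.locked": bytes(range(256)) * 4,
}

# Constructed manifest written at backup time (file name -> SHA-256 of its
# contents), stored separately from the backup so it can serve as the reference.
MANIFEST = {
    "ledger.csv": sha256_hex(BACKUP_FILES["ledger.csv"]),
    "memo.txt": sha256_hex(BACKUP_FILES["memo.txt"]),
    "contract.docx": sha256_hex(b"Constructed original contract text.\n"),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text sits around 4 to 5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def verify_backup(files, manifest, entropy_threshold=7.5):
    """Return a list of findings; an empty list means the set is safe to restore."""
    findings = []
    for name in manifest:
        if name not in files:
            findings.append(f"{name}: missing from backup set")
    for name, data in files.items():
        expected = manifest.get(name)
        if expected is None:
            findings.append(f"{name}: not in manifest (unexpected file)")
        elif sha256_hex(data) != expected:
            findings.append(f"{name}: hash mismatch (modified after backup)")
        if shannon_entropy(data) >= entropy_threshold:
            findings.append(f"{name}: high entropy, possibly encrypted")
    return findings

if __name__ == "__main__":
    for finding in verify_backup(BACKUP_FILES, MANIFEST) or ["backup set verified"]:
        print(finding)
```

Any finding means the set should not be restored until the IT team has worked out how the backup was touched; an empty list is the minimum bar before getting back to work.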
Summary
God forbid your firm is ever attacked; if it is, the choice boils down to what’s cheaper. Do you want to support this criminal industry, risk getting fined by OFAC, and risk never getting your data back or having it leaked anyway? Or do you want to lean on your technical team to safely follow the disaster protocol, move your team securely to a backup, and delete the ransomware?
In order to resist a ransomware attack, you need an experienced IT Team. WAMS Inc. is a leading provider of cybersecurity in Southern CA, established 1974. Give us a call at (800) 421-7151 or email us at khaight@wamsinc.com for a free quote!