Information Security
 

Paying Ransomware Demands Can Be Illegal

January 28, 2021

If you are targeted by hackers with ransomware and decide to pay the ransom to get your data back, you might be investigated by the government. The current regulations come from the International Emergency Economic Powers Act and the Trading With the Enemy Act. These essentially make it illegal for companies and individuals to pay hackers on the Office of Foreign Assets Control’s (OFAC) list of cyber terrorists. This also includes people who may pay on behalf of a client, such as a cyber insurance company.

According to a memo released by OFAC, “[organizations] are generally prohibited from engaging in transactions, directly or indirectly, with individuals or entities on OFAC’s Specially Designated Nationals and Blocked Persons List, other blocked persons, and those covered by extensive country or region embargoes.” This includes organizations that may not be on the list.

Cyber criminals started with individuals, but as they made more and more money they were able to refine their process. They are now targeting entities such as banks, hospitals, legal firms, and schools. Some of the cyber criminals have taken it a step further and created ransomware as a service. In these cases, the ransomware variant is rented out to the user and the owner is given a cut of the ransom. It’s very sinister, and it doesn’t seem to be getting better.

In 2020, the total amount paid for ransomware attacks increased more than 300% when compared to the previous year. This amounts to a nearly $350 million payday for the bad guys. To make matters even worse, the actual numbers are likely a lot higher due to underreporting.

It may seem important to pay the ransom in order to retrieve your data and/or make sure that it doesn’t get released to the public, but in some cases the sanction you may receive will cost more than the demands. In many cases making payment only escalates the situation. In others the criminals don’t even make good on their promises to return stolen data or provide decryption keys.

Don’t Become a Victim:

Endpoint Security

Most ransomware attacks start with a single workstation or server. All your machines need to be secured with Endpoint Security that can protect your organization from all cyber threats, not just ransomware.

Awareness Training

Having employees who are conscious of their role in an organization’s information security is extremely important. Deploying the right awareness training will help mitigate and even prevent ransomware attacks.

Backups

Technically, you will still be a victim if ransomware is deployed on your network. Having a solid backup solution can help you avoid major disruptions and keep you from having to negotiate with terrorists.

Policies & Procedures

Almost every single victim of ransomware lacks the proper policies and procedures to secure their organization. This failure to prioritize information security often leads to a damaged reputation, lost revenue, bankruptcy, and, in some cases, organizations having to close their doors for good.

Traditional solutions don’t fit their environment and aren’t agile enough to keep up with the evolving landscape. This always leads to problems that can be traced back to poor implementation, or a lack, of modern policies and procedures. Don’t make the same mistakes.

Company Cyber and Security Departments’ Budgets on the Rise

October 22, 2020
Many companies leave their tech security departments by the wayside, choosing to instead focus on things that would directly make the company money. However, with preventative costs showing more value than recovery costs, it’s a no-brainer.

Employee Information Not as Protected as Customer Data

October 21, 2020
H&M Group, a Swedish company specializing in apparel, was recently fined over forty million dollars because they collected excessive personal data on their employees and failed to protect that information.

Here’s How Much Your Stuff is Going to Cost to Get Back

October 20, 2020
It was so kind of you to leave your systems so vulnerable. It was very easy for me to grab a few things I thought I wanted. Turns out I don’t really need them, so I’ll be glad to give them back. For a price.

Phone Scams are Costing Americans Millions

September 30, 2020
I’m pretty sure I’ll be arrested after I finish this article. I got a call from some government agency and there are several warrants for my arrest because I didn’t pay my taxes. They said I could pay up and make it all go away, but I think I’ll take my chances.

Cyber Criminals Really Like When You Use Sticky Notes

September 30, 2020

Dear Users at XYZ Corp,

I really appreciate all of those colorful sticky notes on your desks. First, I would like to thank Susie from accounting. That office party photo on social media with the door code stuck to someone’s monitor was picture perfect. After using that code to access the building, I found many more users to thank. No one suspects a thing when you come through a coded employee entrance dressed like an IT professional. Everyone did a great job at locking their computers when they left for lunch. I want to thank Gary for leaving his password stuck to the bottom of his keyboard. With my remote access software installed, I don’t even need to come back later. Jill, the office manager, was kind enough to leave her email credentials on a bright green sticky note. That gave me the green light to email everyone letting them know I’d be stopping by their desk to make the network run faster. The HR Director’s secretary deserves some appreciation as well. I’m sure she spent a lot of time converting her boss’s entire company and personal schedule into a beautiful sticky note rainbow. This will be a big help when I need to know where her boss is.

Later that evening that remote access really paid off. After getting access to all of the company’s employee records, I now know the HR Director’s home address and it looks like there’s a family vacation scheduled next week. Again, I want to thank you all for making it so easy for me to exploit XYZ Corp. I couldn’t have done it without your lovely sticky notes.

Sincerely,
The Cyber Criminal


Is My Business a Target for Hackers

September 30, 2020
If you need to pick a lock, hot-wire a car, or hack into a company’s enterprise server, it’s extremely likely that there is a video on YouTube.
