As discussed in Part I, How to Avoid a Ransomware Payment, insurers strongly discourage paying criminals. Meeting a ransom demand rarely brings relief for the victim, and it emboldens bad actors to continue this type of attack. If ransomware has blocked and locked your organization’s computers and files, you need to engage your legal counsel and insurance company immediately. Here’s an important reason to ignore ransom demands, along with tips for avoiding a ransomware attack in the first place.
Most organizations train employees on how to avoid corrupt bribes and payments when conducting business overseas. A ransomware payment can fall into the category of prohibited transactions.
In October 2020, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to businesses and coordinators of ransomware payments. It said organizations can face strict civil and criminal penalties for supporting, paying, or assisting bad actors listed on OFAC’s Blocked Persons List.
Similarly, the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a warning in October 2020 to financial institutions. It noted that involvement in ransomware transactions may be a “money transmission” subject to additional accountability.
Unfortunately, it can take a prolonged time to verify whether a ransomware attack is coming from an actor on the Blocked Persons (SDN) list. Typically, a company will engage a third-party forensic investigation through its cyber insurance carrier, and OFAC will perform another independent investigation.
If, months after a ransom payment, the OFAC investigation discovers the payment unknowingly went to a listed actor, your organization could still face sanctions. Also, if either investigation turns up a connection, the insurance company will not assist with the payment. Your organization takes on all the risk and expense, with no guarantee of getting back what you need from the attacker.
Paying a ransomware demand encourages bad actors, with only a small chance of getting the data restored. The best response to this cyber risk is setting up a secure defense to prevent a ransomware attack.
If you have not already implemented these five steps, your digital assets are in jeopardy:
With ransomware, there is no ideal scenario. Companies risk losing money, data, and their reputation — and paying the ransom could do little to restore it all. Preparing your network security and controls with a robust defense and recovery strategy will put your business in a stronger position to ignore ransom demands if an attack occurs.
Want to learn more?
Connect with the Risk Strategies Cyber Risk team at firstname.lastname@example.org.
About the author
Allen Blount leads the Cyber Team at Risk Strategies, where he guides clients on navigating cyber risks such as ransomware attacks. He specializes in both cyber insurance and tech E&O (errors and omissions). Before his insurance career, he practiced law.