Cyber Attacks and Ransom Payments: Treasury Warns Against Keeping Ransomware Payments Quiet

Background

A ransomware infection can have a significant financial impact on an organization. American digital security and data backup firm Datto found that ransomware is costing businesses more than $75 billion a year. Part of that financial impact results from downtime costs.

Govtech also revealed that businesses lost an average of $8,500 per hour as the result of ransomware-related downtime, while Coveware placed the total amount of downtime damages at $65,645 per crypto-malware incident.

Payments

Victims of ransomware schemes and financial institutions could violate sanctions or anti-money-laundering rules—and face stiff penalties—if they facilitate or make payments to attackers, the U.S. Treasury Department said in a pair of advisories last week.

The notices, issued by units of Treasury’s Office of Terrorism and Financial Intelligence, warned victims and organizations that assist them to be particularly wary of making ransomware payments to blacklisted individuals and entities, including hacker groups in countries such as Iran, North Korea, and Russia.

Financial institutions are required to file reports that identify suspicious transactions, including those potentially involving ransomware or other criminal activity. Such Suspicious Activity Reports, or SARs, are intended to help federal officials disrupt the flow of money to terrorists, drug traffickers, arms proliferators, and other bad actors.

Many companies don’t report those payments for fear that authorities will shut down transactions needed to regain crucial business data, said Al Saikali, chair of the privacy and data security practice at law firm Shook, Hardy & Bacon LLP.

The OFAC advisory reminded victims and organizations—including those offering cyber insurance or involved in ransom payments—that their sanctions compliance programs should consider risks related to engaging blacklisted entities.

Targets

In terms of targets, IBM Security X-Force has observed a general shift in ransomware attacks. Specifically, ransomware is hitting manufacturing companies hardest. These account for nearly a quarter of all the incidents responded to so far this year. The professional services sector is the second most targeted industry and has experienced 17% of ransomware attacks. Government organizations follow in third place at 13% of attacks.

Attacks on these three industries suggest that ransomware threat actors are seeking out victims with a low tolerance for downtime, such as manufacturing networks. Organizations that require high uptime can lose millions of dollars each day due to a halt in operations. Therefore, they may be more likely to pay a ransom to regain access to data and resume operations.

In addition to these sectors, IBM Security X-Force has also noted an uptick in ransomware attacks on academic institutions throughout 2020. Particularly as schools and universities begin classes virtually or are experimenting with hybrid environments due to COVID-19, attackers are finding them to be an attractive target for ransomware attacks.

Closing

Stay tuned for more details on this matter.  I welcome your thoughts and comments!

For information on Board Oversight and Cyber Strategy go here.

Best,

Jonathan T. Marks, CPA, CFE

 

 

 

Attribution:

IBM

WSJ

Security Intelligence

%d bloggers like this:
Skip to toolbar