U.S. Sanctions Add Layer Of Risk To Ransomware

Ransomware has been on a dramatic upswing over the last couple of years. The proliferation of Ransomware as a Service (RaaS), the subsequent lowering of barriers for both criminal groups and state actors, and the payment of ransoms have all helped drive this increase.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), most ransomware attacks start through phishing, exploitation of remote desktop protocols, or software vulnerabilities. Therefore, increasing security and training in these areas can help significantly reduce an organization’s ransomware risk.

CISA and the FBI have long discouraged paying ransoms, as it just adds more fuel to the fire for the ransomware industry. There is now the added layer of sanctions against Russia to contend with. According to blockchain analysis firm Chainalysis, $400M in known ransom payments went to Russia last year. That total accounts for 74% of known ransomware revenue. If a ransom were to go to a sanctioned person or organization, it might run afoul of the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). According to OFAC, anyone who pays or facilitates a payment to a sanctioned individual or organization—without first seeking U.S. government approval that very likely won’t be granted—may face financial or criminal penalties. This also creates an additional layer of uncertainty regarding insurance payouts to help cover ransoms.

The best way to ensure that your organization doesn’t need to make a choice about ransomware is to do the basics: anti-phishing training and detection, two-factor authentication, network monitoring, and making sure all applicable patches are implemented. To further protect your IT infrastructure, consider implementing a zero-trust architecture.

If you have questions about ransomware, IT security, or phishing training, call ITPAC today.