Paying Ransomware Attackers Could Land You in Legal Trouble
Posted by Trevagh Stankard on Tue, Feb 1st, 2022
A ransomware attack could cost you more than just a financial loss; it can result in a legal battle.
The 2020 and 2021 lockdowns caused a rise in cyber-attacks, especially ransomware and phishing. With more people working from home and desperate for income, cyber-attackers raked in millions in ransoms, with an average of one-fourth of victims paying the ransom. These attacks target businesses as well as government entities. As a result, the US Department of the Treasury's Office of Foreign Assets Control (OFAC) issued an advisory warning people that sanctions and possible penalties could be assessed if they pay attackers or facilitate payment.
Ransomware and Phishing
With more people working from home, businesses are forced to stay productive by giving these employees remote access to internal applications and network resources. While this may be common in larger enterprises, small businesses struggle to set up a system that is both convenient for users and safe from cyber-attackers. Attackers are aware that most home workers do not have the cybersecurity defenses to protect against sophisticated ransomware and phishing, so it’s been a profitable and successful way to compromise home and work devices.
Phishing and ransomware are two devastating attacks, but ransomware usually starts with a phishing campaign. The phishing campaign could be targeted (spear-phishing), or attackers could randomly contact employees found after reconnaissance. The reconnaissance phase of an attack is done by reading social media and LinkedIn to find potential targets. After targets are assessed and the business is reviewed, attackers send phishing emails with malware attached. Another alternative for attackers is to send messages with links to servers hosting malware.
What makes ransomware especially dangerous is that, without backups, there is no fix or way to eradicate it from the device, and ransomware scans the network for vulnerable files and encrypts them. The only way to recover files if the targeted user has no backups is to pay the ransom. OFAC acknowledges that the act of payment facilitates cyber-crime and encourages more ransomware campaigns.
OFAC Sanctions and Incident Response Teams
The new OFAC advisory makes it difficult for incident response teams to fully support clients. Sometimes, the only option is to attempt to pay the ransom, and the software increases the cost if payment has not been made within a short amount of time. Attackers specifically set ransoms at a few thousand dollars so that they are affordable for individuals and businesses, so paying the ransom is a cheaper risk than recovering without backups.
Now, this action falls under new OFAC sanctions and could land an incident response team in trouble with the US government. To add to the risk, the US government requires businesses to know their payees, but attackers go to great lengths to shield their identity. Ransomware includes a throwaway email address with a cryptocurrency wallet ID. These two pieces of information are not enough to identify an attacker. Bitcoin addresses are not anonymous, but attackers “wash” cryptocurrency to avoid tracking and identification.
Victims of ransomware are required to alert law enforcement of an attack, but filing a report could be too much overhead for individuals. In a business setting, keeping evidence of a breach affects productivity if it’s the only work computer available to the employee. For the average small business, formatting the computer and recovering from backups is a better choice for revenue than preserving evidence for law enforcement.
The Best Defense is Proactive Anti-Phishing and Anti-Malware Strategies
The most common ransomware vector is targeted malicious email messages. To effectively stop phishing attacks, businesses need anti-phishing strategies including email server filters and quarantines. Email filters detect malicious attachments and links and quarantine the messages in a safe location. Administrators can review the messages and either forward them to the intended recipient or delete them permanently.
It's a common defense strategy to educate users to help them detect malicious messages, especially users with high-privileged network accounts. However, this method still relies on user interaction and leaves room for human error. With email filters, messages never reach the recipient’s inbox, so risk is greatly reduced and human error eliminated. Should there be a false positive, administrators can forward messages and change settings to better identify real threats rather than harmless messages.
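The filter, quarantine and administrator-release flow described above can be sketched as follows. This is an example added here, not SpamTitan's implementation; the extension list, the link-mismatch rule, and the names inspect, Quarantine and sample are assumptions of the example.

```python
import re
from email.message import EmailMessage

# Assumed policy for this example: attachment types that run code when opened.
RISKY_EXT = {"exe", "js", "vbs", "scr", "lnk", "iso", "docm", "xlsm"}
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r'(?:[\w-]+\.)+[a-z]{2,}', re.I)

def inspect(msg):
    """Return the reasons a message should be held; an empty list means deliver."""
    reasons = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if "." in name and name.rsplit(".", 1)[-1] in RISKY_EXT:  # catches a.pdf.exe
            reasons.append(f"risky attachment: {name}")
        elif not name and part.get_content_type() == "text/html":
            for target, text in LINK.findall(part.get_content()):
                shown = HOST.search(text)  # hostname displayed to the reader, if any
                if shown and shown.group(0).lower() != target.lower():
                    reasons.append(f"link shows {shown.group(0)}, goes to {target}")
    return reasons

class Quarantine:
    """Held mail stays out of the inbox until an administrator decides."""
    def __init__(self):
        self.held, self.inbox = {}, []

    def receive(self, msg):
        reasons = inspect(msg)
        if reasons:
            self.held[str(msg["Message-ID"])] = (msg, reasons)
        else:
            self.inbox.append(msg)
        return reasons

    def release(self, message_id):   # administrator: false positive, deliver it
        self.inbox.append(self.held.pop(message_id)[0])
    def delete(self, message_id):    # administrator: confirmed malicious, drop it
        del self.held[message_id]

def sample(mid, html, attachment=None):
    """Constructed test message; IDs and hostnames are placeholders."""
    msg = EmailMessage()
    msg["Message-ID"], msg["Subject"] = mid, "Invoice"
    msg.set_content("See the HTML part.")
    msg.add_alternative(html, subtype="html")
    if attachment:
        msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename=attachment)
    return msg
```

A link whose text reads example.org but points to www.example.org is held by this rule even though it is harmless, which is the false-positive case an administrator resolves with release.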
Organizations can’t obtain a 100% no-threat network, but they can implement defenses that greatly reduce the threat. Going into 2021, ransomware will carry increased penalties, even for incident response teams. By adding email filters to regular operational servers, administrators and cybersecurity teams can protect the organization from one of the biggest threats to business continuity and data integrity.
Use SpamTitan Email Protection to protect your business from spam, viruses, malware, ransomware and links to malicious websites. With a spam catch rate of 99.99%, you can be assured that harmful emails will not enter your organization. Get in touch with a SpamTitan team member to discover how we can better protect your business from ransomware attacks.