Ransomware attacks could have more legal ramifications than most business owners know
Make sure you have a plan to deal with it
Ransomware payments and cyberattacks continue to headline the news lately. Many organizations find themselves having to weigh the cost of ransom payments against total business shut down. We have seen increases in attacks against small businesses, hospitals, and school districts. US Department of Treasury sanctions could cost more financial losses to businesses who fall, victim, to ransomware attacks.
Did you know, the Office of Foreign Assets Control ("OFAC") is a financial intelligence and enforcement agency within the U.S. Treasury Department? They are tasked with cataloging Specially Designated Nationals and Blocked Person List. They enforce economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, etc. that pose threats to national security, foreign policy, or the economy of the United States. This includes the payment of cryptocurrency ransoms. The OFAC has not yet ordered penalties against businesses that pay ransom to a Blocked person or entity, but companies in the midst of considering payment should proceed carefully and seek diverse legal consultation. A company could see its financial exposure rise well above the ransom payments if the Treasury Department finds out about the payment and decides to assess a fine from $300,000 to $ 2 million on top of the ransom paid because the payment went to any group or person cataloged on their list. This does not include legal fees and scars to a company's reputation.
"Most companies would have no way of knowing the identity of the group carrying out the ransomware attack. But, forensic agencies are starting to form theoretical links between ransomware types and the origin groups. In the future, those links may become strong enough to levy penalties against companies paying ransoms."
It is more important than ever for companies to take cybersecurity and data backups seriously. At BeCloud, recently we have proven invaluable to a company by recovering data after a vicious ransomware attack. We restored all the data from our managed backups without the business paying a ransom. This company had done our security audits, security training, and managed backups so they were well covered when the attack occurred and as a result, only experienced a limited four-hour outage.
Take security seriously trust BeCloud to manage your IT.
Join us and make your company a more secure place.