Ransomware threats have been on the rise in recent years, and new threats are accelerating. This type of malware is extremely destructive: it encrypts the files of infected users and locks them out of their own data unless they pay the ransom, typically in the form of Bitcoin cryptocurrency, which enables criminals to hide. It's a big money maker for criminals, and as long as victims continue to pay the ransom, the threats will continue.
That could be changing, though, because the US Federal Government has stepped in and issued a warning that companies that pay the ransom and companies that facilitate ransomware payments could face steep fines if the criminals are already under investigation.
In its advisory, the Treasury Department's Office of Foreign Assets Control (OFAC) said: "companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations."
Simply put, if you help a criminal commit a crime you will also be held responsible.
Ransomware can take your business out of commission for days, weeks, months or forever. Too many small businesses think they're under the radar of cyber criminals, believing they're too small to be targeted. In fact, most threats are not targeted, but instead widely distributed online. It doesn't matter how important your data is to the criminal; it matters how important the data is to YOU. We talk to so many businesses who think this isn't a real threat, but it is. Planning on paying the ransom or collecting insurance to cover your loss won't fly.
With the new advisory, it's more important than ever to establish proactive protection to help guard against these risks. What can you do?
- Use multiple security solutions to protect all endpoints. Every computer or device connected to your network needs to be protected. No single layer of security is enough.
- Establish a Business Continuity Plan. Don't wait until disaster strikes. Have a plan and be ready. Don't write an encyclopedia. What data is most important to protect? What data needs to be restored first? What will employees do if they can't access company files?
- Ongoing Employee Security Training. It's estimated that about 90% of cyber threats come through email. Are your employees trained to spot a suspicious email? How would you know?
Ransomware could ruin your business. Contact Ekaru for a free security assessment for your small business and check out our technology solution blueprint for businesses to stay protected.
For more information check out these resources:
- Krebs on Security - Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam - Full Article
- US Department of Treasury Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments - PDF - 5 Pages