“Let’s just pay the ransom…”
This is something I have heard more than once during a ransomware attack. Sometimes it is when the victim has been placed in “checkmate”: critical systems are encrypted with no backups at all, period. Other times it has been after discussing the risks to which an organization exposes itself.
“We’ll just pay the ransom.” Unfortunately, it is not that easy. As it turns out, a multitude of these hacking groups are in nations under sanctions by the United States government. This means it is illegal to do business with these organizations. (And this is assuming that paying the ransom actually works and you do get the encryption key to your data, which is hit or miss as it is.)
In a recent advisory notice, the US Treasury Department outlines that companies that facilitate payments to cybercriminals risk violating Office of Foreign Assets Control (OFAC) regulations. This includes cyber insurance companies that make payments on behalf of the victims. Additionally, you can face civil penalties from the US Treasury Department even if you did not know it was illegal.
While this is not a new policy, it is interesting that they recently issued this notice. If you have cyber insurance, your insurer should have a procedure in place to work with OFAC.
All this being said, the best recourse is to avoid getting to this point. Please take measures to secure your environment. Ransomware attacks are on the rise, not the other way around.