A study conducted by IBM recently discovered that ransomware was the #1 cyber threat in 2021, making up 23% of all cyber attacks. With the growing cybercrime rates, it makes sense that the federal Office of Foreign Assets Control (OFAC) has issued some updated guidance on how companies should defend against and handle ransomware attacks.
The OFAC's number one protocol for dealing with ransomware attacks is simple: do NOT pay the ransom money. Criminals tend to overlook their end of the deal, resulting in leaked or lost data even if the ransom money was paid.
More and more companies hit by a ransomware attack have realized that their data, once stolen by cybercriminals, is as good as lost whether or not they pay the money. Further, giving in to their ransom demands could result in more ransomware attacks in the future (as they label you an easy target), destabilizing your company's cyber security altogether.
So what does the government have to say about ransomware attacks and their impact on small businesses?
Have cyberattack prevention protocols in place. These attacks are no longer a question of "if" but "when." A sound cybersecurity plan packed with all the tech essentials can help detect, identify, and prevent viruses from gaining control over your systems. OFAC and other federal bodies can impose heavy criminal and civil penalties on a company that pays the ransom due to not taking meaningful steps to protect itself. This punishment includes all parties involved in facilitating the payment (negotiators, banks, insurers, etc.)
Cryptocurrency sanctions. Some virtual currency exchanges are now prohibited for persons in the U.S., such as SUEX OTC. This is because they have facilitated ransomware transactions for attackers.
Report every ransomware attack. OFAC urges companies to self-report all such attacks to government cybersecurity agencies and FBI offices.
These guidelines promote the famous adage: "prevention is better than the cure." OFAC stresses the importance of companies doing their utmost not to engage in and actively defend against anything that could open the door to ransomware attacks.
Doing due diligence in the form of:
educating staff on best practices and password management,
b) installing current cyber security software and tech, and
c) maintaining backups of all company data (especially confidential, sensitive material)
is necessary to prevent both business-draining attacks and punitive penalties from the government.
A comprehensive cyber liability insurance policy can also help cover some of the liability charges that could occur during a ransomware attack. Talk to one of our experts today on how to better protect and insure your company's cyber presence.