With many organizations considering paying the ransom should they experience an attack, new guidance from the U.S. Treasury may put a damper on an organization’s ability to pay.
The idea of paying the ransom after a modern ransomware attack has been brought back into the spotlight because multiple ransomware variants now also exfiltrate data (in addition to encrypting the organization’s data and systems) and threaten to publish that data publicly. In essence, given the 98% decryption rate when the ransom is paid, it’s often in the organization’s best interest to pay the ransom (assuming it can verify that data has actually been stolen).
And, as if dealing with a ransomware attack isn’t enough, the U.S. Treasury’s Specially Designated Nationals and Blocked Persons List designates individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries, and prohibits dealing with anyone on the list – which includes paying ransoms via cryptocurrency.
With the ability to pay a future ransom in question, organizations need to take a more proactive stance – one where the goal doesn’t revolve around a response plan, but focuses on stopping ransomware from ever gaining a foothold within the organization. According to recent data, the majority of organizations falling victim to ransomware attacks do so via a phishing attack. That puts the lens squarely on the user. Users who undergo continual Security Awareness Training are better prepared for when (not if) a malicious email reaches their inbox. This training helps users understand the need for vigilance when interacting with potentially harmful emails and educates them on how to identify suspicious or malicious content that may be the starting point for a ransomware attack.