Security expert Brian Krebs has provided an in-depth explanation of why the U.S. government is discouraging ransomware victims from paying their extortionists.
“In its advisory (PDF), the Treasury’s Office of Foreign Assets Control (OFAC) said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations,” he reports.
“The Federal Bureau of Investigation (FBI) and other law enforcement agencies have tried to discourage businesses hit by ransomware from paying their extortionists, noting that doing so only helps bankroll further attacks.
“But in practice, a fair number of victims find paying up is the fastest way to resume business as usual. In addition, insurance providers often help facilitate the payments because the amount demanded ends up being less than what the insurer might have to pay to cover the cost of the affected business being sidelined for days or weeks at a time.”
Read his post here: Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam.