Many Americans were still celebrating the Fourth of July when they learned of another ransomware attack, one more sophisticated and with more sinister purposes than previous attacks. The “biggest ransomware attack on record” [1] was carried out against Kaseya Limited (Kaseya), a Florida-based IT company. A group affiliated with Russian-based Ransomware Evil or “REvil,” [2] a ransomware-as-a-service operation, claimed responsibility for this attack. The attackers accessed Kaseya’s customer data and demanded a ransom of $70 million, the largest ransomware payment demand thus far. The seriousness of this attack, and what marks an escalation in the modus operandi of these criminal organizations, is that the attack on Kaseya was meant to impact not just its own systems but all its clients’ systems as well, by the method known as ricocheting. Ricocheting is the infiltration of the network of a major player in the IT supply chain, most commonly seen in cyber-espionage, [3] and the subsequent use of that network to push malware to its customers’ systems.

The attack on Kaseya followed another large-scale ransomware attack on the Colonial Pipeline in May, the largest ever cyberattack on the American energy system due to the scale of the operational and economic impact. Colonial Pipeline, the largest petroleum pipeline in the U.S., carries approximately 2.5 million barrels a day of gasoline, diesel, heating oil and jet fuel on its 5,500-mile route from Texas to New Jersey. The company was forced to take some systems offline for several days, causing panic-buying at the fuel pumps, shortages and price spikes in some states. An interesting fact about the attack on Colonial Pipeline is that the company made the ransomware payment of $4.4 million by using 75 bitcoins. The FBI Ransomware and Digital Extortion Task Force traced the payment and recovered 64 of the 75 bitcoins, making this seizure a rare example of ransomware payments being recovered.

Undoubtedly, the COVID-19 pandemic has imposed unprecedented challenges on businesses, precipitating a significant increase in cyberattacks. [4] Victims of ransomware attacks, which could be businesses large and small, are put in a challenging position as they attempt to maintain day-to-day operations while managing the privacy and confidentiality concerns of their compromised data. In addition to the financial burden caused by the accompanying ransom demand, businesses that facilitate payments to attackers could also potentially be violating sanctions regulations.

The Office of Foreign Assets Control Advisories

On October 1, 2020, the Office of Foreign Assets Control (OFAC) issued an advisory to assist individuals and businesses in responding to ransomware payment demands with associated sanctions risks. The advisory reinforces previous government guidance [5] not to pay ransomware attackers and goes a step further by issuing a warning to victims, and the businesses that assist victims in facilitating payments, that they could be in violation of U.S. sanctions if remitting payment to individuals or entities in sanctioned jurisdictions or sanctioned parties. The advisory makes specific references to businesses involved in providing cyber insurance and reinsurance, and financial services businesses such as banks and money services businesses, that could be involved in the facilitation of ransomware payments.