It's no secret that ransomware attacks have been on the rise over the last couple of years. Many companies, desperate to get their files back, have resorted to simply paying the ransom and hoping the hackers act in good faith and keep their word where unlocking the files is concerned. That approach just got a lot more complicated, thanks to the OFAC (Office of Foreign Assets Control), which is a part of the Department of the Treasury.
In a recently unsealed grand jury indictment against a pair of Iranian hackers, we've learned that in addition to identifying the hackers by name, they've also been identified by their specific cryptocurrency wallet address.
Here's why that matters:
The OFAC has added both hackers to the Specially Designated Nationals and Blocked Persons List. That means that US citizens and businesses are forbidden to do business with or conduct transactions of any kind with them, including sending ransom payments to their cryptocurrency addresses.
Since federal investigators are monitoring those wallets now, any ransom payments sent to them could easily be traced back to the person sending the funds. At that time, the sender would be subject to secondary sanctions and fines that would be far more than whatever the original ransom amount might have been.
Needless to say, this complicates things a great deal for companies hit by ransomware attacks and it makes it all the more important to have a strategy in place to recover your files if you are successfully attacked in this manner.
Failure to do so could be ruinously expensive. In addition to suffering system downtime (which will cause your company to bleed red ink), and the funds lost paying the ransom, now you've got to worry about the federal government. Not good.