Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.
Curious to hear the Community's thoughts on this one.
I cannot imagine this as an incentive to strengthen cybersecurity platforms now. If loss of business, confidentiality or data integrity isn't already enough encouragement for businesses to strengthen defenses, being targeted by the IRS won't add much weight.
Kind of scary.
I work for a cybersecurity consulting firm. Some of our clients have been hit with ransomware. A few have paid (though I don't think we facilitated that).
I know the FBI recommends against that. I recall a year or two ago that several cities here in Florida got hit with ransomware and paid the ransom; in all cases it was paid by their insurance companies, which really surprised me.
Interesting question. Since these were clients that were hit, you probably have some idea of whether there was anything they were not doing that left them open to attack. Were they doing all their updates, did they have proper backups, and so on? So was it a case of them having exposure because they didn't do certain things, or would you say they were up on everything and this still happened?
@JKWiniger "Interesting question. Since these were clients that were hit, you probably have some idea of whether there was anything they were not doing that left them open to attack. Were they doing all their updates, did they have proper backups, and so on? So was it a case of them having exposure because they didn't do certain things, or would you say they were up on everything and this still happened?"
I'm not comfortable saying too much.
Both clients are in the healthcare space, each having several hundred clinics, which adds to the complexity. I was heavily involved with the incident response for one, but not the other.
One thing I've seen with such clients is how well they manage all the clinics. In some organizations the clinics are tightly controlled, IT-wise, which should give them a lot of protection IF they are doing all the right things. But I've seen others where things are decentralized, so clinics are often doing their own thing, putting the whole organization at risk.
Also, if you don't have people going out and checking each clinic, you may find that there are non-standard or poorly controlled systems in place. For instance, with yet another client we found they had bought a group of clinics from another company. They came in, put in their own networking equipment, but didn't remove what was there. When I was doing site visits I found WiFi APs from the old company still in place and running, probably still connected to the network.
Oftentimes such organizations' IT staff are so small and overwhelmed that they don't have the bandwidth to visit each site to make sure things are set up properly.
@emb021 You have said all I need to hear. I hope we see the day when security is step 1... I believe in "do it right or don't do it at all", and if they had done it right they wouldn't have these problems...