"When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice"
The cybersecurity company Coveware released a report revealing that nearly half of the ransomware attacks that it had tracked in the third quarter included threats to leak unencrypted data. However, several of the gangs behind these attacks did not honor their agreement to delete victims' stolen data despite having received ransomware payments. For example, victims of Sodinokibi/REvil ransomware were hit again just a few weeks after paying the ransom for the same data. Such incidents pose the question as to whether victims should pay ransomware attackers. Victims are advised not to pay because there is no guarantee that they will receive a working decryption tool for their data if they give in to the attackers' demand for a ransom payment. Coveware's report also highlights that there is no way to verify whether attackers will delete stolen data. The U.S Department of Treasury's Office of Foreign Assets Control (OFAC) issued an advisory in October 2020, discussing potential sanctions risks associated with sending ransomware payments to cybercriminals. OFAC designated several malicious cyber actors responsible for the creation or distribution of ransomware. Payments to those actors encourage the launch of more ransomware attacks, potentially harming national security and foreign policy. Users and organizations are urged to focus on improving their ability to prevent ransomware infections. This article continues to discuss findings surrounding cyber gangs' dismissal of ransomware payments, the decision to pay ransomware attackers, and how ransomware infections can be prevented.