Ransomware payments to be made illegal?

After the massive ransomware attacks on Colonial Pipeline and JBS four states have introduced legislation making ransomware payments illegal. The federal government is also exploring making ransomware payments illegal for some entities as well as requiring mandatory reporting of ransomware attacks. The FBI has always given the advice not to pay the requested ransom because successful attacks only encourage the bad actors to continue. While this is true, not paying can sometimes lead to devastating consequences for victims.

The cybercriminals that perpetrate ransomware attacks often have access to a victim’s computer or corporate network for weeks or months before actually launching the attack. They often use this time to steal information from victims that can later be released or exploited if they don’t pay which potentially exposes the company’s clients to further harm. They also use this time to try and disable and delete backups that could potentially be used to recover after the attack.

Unfortunately, many companies do not have a reliable plan in place to deal with a successful ransomware attack. Their users are not trained on how to avoid the theft of their credentials through phishing, there is insufficient network monitoring to potentially detect an intruder as they map the network and steal data and there is no adequate backup and recovery plan in place.

If you’re concerned that your company may not be prepared for a potentially devastating ransomware attack, contact us and we can put you in touch with one of our technology partners offering managed services.