Possible sanctions could impact MSPs, which have come under increased attack in recent years
The U.S. Treasury Department’s recent threats to sanction companies that pay ransomware demands and organizations that facilitate such payments come as the incidence of ransomware and other cyberattacks has increased during the COVID-19 pandemic and as MSPs continue to be targeted by bad actors.
The Lowdown: Two offices within the department – the Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) this month – October is Cybersecurity Awareness Month – issued the advisories that outline what ransomware is, the multiple steps taken to pay and launder the ransomware payment, and the threat that such payments pose to national security.
The Details: The OFAC memorandum said companies that pay ransoms and those that enable such payments could violate the U.S. International Emergency Economic Powers Act and the Trading with the Enemy Act. The OFAC has a list of people and organizations on its Specially Designated Nationals and Blocked Persons List, as well as a list of other blocked people or entities and regions, such as China, Russia, North Korea, and the Crimea region of Ukraine, with which U.S. citizens are prohibited from transacting.
Such entities and countries may use the money gained through ransom payments to perpetrate further attacks against the United States and businesses. Rather than pay the ransom, victims should contact the OFAC or the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection if the attack involves a financial institution in the United States or may disrupt a company’s ability to perform financial services.
FinCOM in its advisory outlined the complex methods of processing ransomware payments, the multiple players that tend to be involved – from the victim through financial institutions and money service businesses – and the methods used by the bad actors to launder the money, which comes to them in the form of cryptocurrency. Entities or people at any step of the process are vulnerable to U.S. sanctions.
The office also outlined red flags organizations should look out for that can indicate a ransomware attack.
The Impact: Ransomware over the past several years has become a significant cybersecurity problem. According to the FBI, the number of reported ransomware cases jumped 37% between 2018 and 2019 and related losses increased 147%. The OFAC noted that while larger enterprises are targeted by such attacks, so are SMBs, local governments, hospitals, and school districts, which have fewer resources to combat attacks.
MSPs have not been spared. They use such tools as remote monitoring and management (RMM) solutions that give them access to their end clients’ infrastructures, which makes them an efficient pathway into multiple corporate networks. The FBI and Department of Homeland Security in 2018 warned MSPs and cloud providers that cybercriminals were targeting them in hopes of exploiting their customers. Industry groups like MSPAlliance and CompTIA also have put a spotlight on the threat to MSPs, and a broad array of vendors are increasing their portfolios and training offerings to improve MSP security.
MSPs also are making security a priority, according to surveys conducted by such companies as Kaseya, which found that more than a third of MSP respondents said their businesses were more prone to attack than last year and that 95% said some or most clients rely on them for cybersecurity plans.
The Buzz: “Cybercriminals have deployed ransomware attacks against our schools, hospitals, and businesses of all sizes,” Deputy Secretary Justin G. Muzinich said. “Treasury will continue to use its powerful tools to counter these malicious cyberactors and their facilitators.”