Is Paying the Ransom in a Ransomware Attack Now Illegal?

by Nov 16, 2020Security

Being able to thwart a ransomware attack – and avoid paying the ransom – is now more important than ever.

After the U.S. Treasury recently issued a statement warning of the risk of sanctions for paying the ransom in a ransomware attack, there has been much discussion as to whether it is now “illegal” to pay hackers to get your data back.

The legality is still a bit murky. Under the current guidance, likely nobody will be going to prison for paying such a ransom. However, companies may now face steep fines for doing so.

For now, it may be a stretch to say that paying hackers is “illegal,” but one thing is for sure – if your business does not have a solid business continuity and data backup system in place to combat ransomware attacks, you will be at a heightened risk for falling prey to an infection and paying a ransom that could get you into further financial trouble.


A Federal Response to the Threat of Ransomware

Why now?

The global pandemic has brought about a slew of new cyberattacks on businesses, governmental agencies and other organizations. According to some estimates, ransom demands have spiked by as much as 100% during the coronavirus outbreak.

Federal authorities have been warning of the rise in attacks since March. In its statement this month, the Treasury Department admitted that this spike is the reason they’re taking action, stating: “Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business.”


Who’s Behind the Attacks? That’s What Matters

Here’s the important thing to keep in mind. The people who are using ransomware attacks to wreak havoc and make money are not limited to solo hackers. Rather, an increasing number of ransomware attacks have been carried out by terrorist organizations, nation-states and sanctioned entities.

So by paying the ransom in a ransomware attack, you could be inadvertently supporting foreign adversaries. That’s where the risk of sanctions now comes into play.


Why Paying a Ransomware Ransom was Always a Bad Idea

In its advisory, the federal government made clear that companies might risk sanctions for paying ransoms in ransomware attacks. But aside from trying to deter businesses from inadvertently supporting foreign adversaries, the U.S. is doing what it can to try to mitigate these attacks across the board.

Ransomware payments have always been problematic in other ways. For one, they encourage cyber thieves to continue their attacks, thus making the ransomware market lucrative. Furthermore, paying the ransom doesn’t guarantee that the encrypted data will be unfrozen. So regardless of how much money you pay up, it could go down the drain without your data ever being restored.

This is precisely why the federal government is leaning toward making the payment of ransoms illegal or at least penalizing companies for doing it. Otherwise, the ransomware market will only continue to grow and cause more havoc on businesses.


The U.S. Treasury’s Take on Ransomware Payments

What steps has the U.S. Treasury taken so far?

The Treasury Office of Foreign Assets Control as well as its Financial Crimes Enforcement Network issued two separate advisories, warning that those who facilitate the payment of ransoms might be at risk of sanctions, even if they or those victimized did not understand the hackers requesting the ransom were targeted for sanctions. So even in the most desperate situations, in which paying the hacker seems like the only viable option for restoring operations, businesses who pay up could still be penalized.

The advisories stated that any business or entity wishing to pay such a ransom might have to register as an official money services enterprise to avoid potential penalties. Aside from all the other headaches, this creates an additional series of roadblocks and reporting requirements for affected businesses.

The Urgent Need to Take Action

As a result of these developments, IT providers are urging their clients to update their data backup systems to stronger BC/DR solutions.

In some cases, providers are requiring their most vulnerable clients (i.e. businesses who do elect not to deploy adequate data backup) to sign waivers that remove the risk of their liability if sanctions were to occur. Managed-service providers who are tasked with helping their clients restore their data via negotiation with the hackers do not want to be held responsible if government sanctions come later.

That’s how serious this problem has become.


How is Ransomware So Destructive?

Ransomware is a form of malware that encrypts computers and services, holding a business’s data hostage until payment is provided.

When businesses have no other choice, they sometimes provide payment to satisfy ransom demands in order to regain access to their systems – though the FBI strongly discourages doing so.

Over the last five years, ransomware has become the most destructive data-loss threat to businesses around the world, crippling their operations and often causing millions of dollars in losses.

In some cases, cyber thieves also manage to copy their victims’ sensitive data and then threaten to disclose it publicly, adding salt to the wound of the initial attack. This heightens the incentive even further for victims to pay the ransom, typically through cryptocurrency. If the ransom is paid, hackers are supposed to provide a key to decrypt the files in question – though that doesn’t always happen.

A major loss of data can cause crippling downtime for an organization, costing anywhere between $10,000 to millions of dollars per hour, depending on the size of the company.

A Worsening Situation All Around

Ransomware attacks have become more sophisticated, focused and costly in recent years. The FBI’s Internet Crime Reports indicate there has been nearly a 40% yearly hike in reported ransomware cases. Furthermore, losses tied to ransomware attacks have spiked nearly 150% from 2018 to 2019. These attacks target businesses of all sizes, state and local governments, universities, healthcare systems and other groups.

In fact, ransomware attacks are now being launched by nation-states such as North Korea, making the problem even more complex. The last thing the federal government wants is for American businesses to be making ransom payments to totalitarian regimes overseas. And yet, the number of high-profile ransomware attacks resulting in eye-popping sums continues to mount …

The Latest Ransomware Attacks

2020 has more than its fair share of ransomware attacks.

The city of Lafayette, Colorado, was hit by a ransomware attack this past summer. The city paid nearly $50,000 to ransomware attackers after data and devices were encrypted. The city opted to pay the ransom to minimize residents’ service outages.

In July, Garmin reportedly paid $10 million to its ransomware attackers after an infection took down several of the company’s online services.

In the education field, Columbia College in Chicago was also victimized by a ransomware attack earlier in June. The group behind the attack threatened to sell the college’s student data unless the ransomware payment was made within the two months – though the college has not revealed whether it paid up.

In May of 2020, Blackbaud, one of the world’s top cloud computing providers for businesses and non-profit groups, was also disrupted by a ransomware attack. Though Blackbaud managed to restore some systems from backup, the hackers were successful in stealing some information, plucking a copy of a data subset from the company’s self-hosted environment. Thankfully, the ransomware attackers were not able to obtain credit card data or information pertaining to financial institutions. However, Blackbaud decided to pay the cyber thieves’ demands after the attackers agreed to provide proof that the information pilfered from the company would be destroyed. Blackbaud executives have not stated how much they paid to satisfy the ransom demand.

Finally, IT giant Cognizant fell victim to ransomware attacks earlier this year. This is one of the more notable ransomware attacks as the company provides important IT services to businesses in a litany of industries. The company publicly acknowledged the ransomware attack, which impacted Cognizant’s internal systems, causing the encryption of an internal directory and an extensive disruption to its customer service operations. Cognizant was ultimately able to successfully contain the attack, but not without a cost. In its quarter financial report, the company admitted to nearly $150 million in losses stemming from the attack.

The Single Most Import Solution to Thwarting Ransomware and Avoiding a Ransom Payment

Ransomware attacks have become inevitable at every business – but being disrupted by them doesn’t have to be. With a robust business continuity solution, you can ensure that you always have clean data to fall back on.

This essential line of defense can also ensure you don’t have to pay a ransom if an infection occurs. With backups, you can revert to clean data and effectively eliminate the ransomware infection by restoring systems back to their original state before the attack occurred.

The Datto SIRIS is an advanced BC/DR solution that can help you safeguard your valuable data and maintain continuity through a ransomware attack and other disaster scenarios. In addition to its resilient hybrid-cloud backups and dependable restore options, the Datto SIRIS also has built-in ransomware protection to detect an attack at the first signs of an infection.

At a time when businesses could be penalized for paying their ransomware attacker, this protection is crucial.

Request a free demo

Learn more about protecting your organization from a ransomware attack with BC/DR solutions from Datto. Request a free demo or speak to our business continuity experts at Invenio IT today. Call (646) 395-1170 or email

New call-to-action

Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications—including, branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!