How Effective Are Government Sanctions Against Ransomware

/in


How Effective Are Government Sanctions Against Ransomware

As ransomware attacks reach an all-time high, with 46% of them directed against American individuals and organizations, sanctions have become an important weapon for the government to fight back.

The US government imposed sanctions on Mikhail Mahteev — a Russian cybercriminal on the FBI’s most-wanted list.

Mahteev has been accused of being a “prolific ransomware affiliate” carrying out cyberattacks both in the US and abroad. The sanctioning of ransomware attackers is meant to protect victims from extortion, but it is a double-edged sword. Companies that pay ransom to sanctioned individuals and groups end up on the receiving end of the consequences.

The Downside of Sanctions

While it’s true that sanctions make it more difficult for cybercriminals to operate, they are far from being the perfect solution. A number of factors make it hard to effectively sanction ransomware groups, and there are still ways these groups can work around the sanctions. Besides, it’s ultimately the victims who face the consequences, which can range from hefty fines to criminal prosecution.

The tactic is meant to bar American victims from paying ransomware extortionists, but the only way it can be enforced is by penalizing victims who violate the sanctions.

A lot of ransomware actors like Mahteev are based in Russia — a country with a reputation for allowing hackers to operate freely, especially against Western targets.

There isn’t much the US government can do against such cybercriminals to enforce the sanctions effectively.

Besides, the way sanctions work makes them a less-than-ideal solution for tackling the ransomware threat, too. Imposed by the U.S.

Treasury’s Office of Foreign Assets Control (OFAC), these sanctions make it unlawful for individuals and businesses in the US to transact with sanctioned entities like Mahteev.

Experts also fear that such sanctions could potentially encourage opposite reactions. Victim organizations violating the sanctions by making ransomware payments to sanctioned entities or countries, even unknowingly, might not notify authorities of the incident out of fear of prosecution.

This would lead to a lot of ransomware attacks going…

Source…