Paying Hackers’ Ransom Demands Is Getting Harder

If your data center’s ransomware recovery plan is to pay off the hackers with cryptocurrency, it’s time to rethink your strategy as regulators crack down.

Today, every data center manager should be aware of the dangers of ransomware and have a disaster recovery plan that doesn’t involve paying hackers’ ransomware demands.

But, according to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom — and another 22% declined to say whether they paid or not. Part of the reason why so many companies are paying hackers is the lack of usable backups.

It’s not enough just to have tape backups of key databases in an offsite location somewhere. Yes, they’re going to be safe from attackers, but restoration is going to take time and money. Often, paying the ransoms is cheaper and quicker.

That strategy might not fly for much longer.

Ransomware Payment Sanctions

Last week, the U.S. Treasury Department sanctioned a cryptocurrency exchange for its role in facilitating ransomware payments and issued an advisory to private companies making such payments that they might be facing sanctions risks.

According to the Treasury, ransomware payments reached $400 million — four times higher than in 2019. And that number is just a fraction of the total economic cost of ransomware.

“The new designations means that U.S. entities and citizens will be banned from performing transactions with sanctioned entities and could themselves face sanctions or enforcement actions for doing business with them,” said John LaCour, founder and CEO at PhishLabs, a cybersecurity firm. “No board will want to take on that personal risk.”

Companies should change their mindsets, he added, to one where paying hackers is not an option.

“It can be a good exercise for companies,” he told Data Center Knowledge. “Which data or systems would they have been willing to pay ransom for? And what additional protections do they need to apply to those systems so as not to find themselves in that position?”

The U.S. isn’t the only country starting to crack down on crypto payments. On Friday, China announced a ban on all…