It’s been said that the best way to hunt down criminals is to follow the money. In 2020, ransomware payments reached over $400 million, more than four times their level in 2019. The Federal government is trying to help deter ransomware attacks by making it more difficult to use virtual currency to collect payments.

U.S. Department of the Treasury recently announced a set of actions focused on:

  • 1) Disrupting criminal networks and virtual currency exchanges used for laundering ransoms
  • 2) Encouraging improved cyber security across the private sector
  • 3) Increasing incident and ransomware payment reporting to U.S. government agencies

Virtual Currency Exchanges

Virtual currency exchanges are a critical element of this criminal ecosystem, since these networks expedite ransomware payments and money laundering activities. The United States applies its anti-money laundering framework in the virtual currency arena to help combat cyberattacks.

Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) recognizes SUEX OTC, S.R.O. (SUEX), a virtual currency exchange, for facilitating financial transactions for ransomware actors. Virtual currency exchanges like SUEX make ransomware attacks profitable. Treasury will continue to disrupt and hold entities accountable to deter outbreaks.

Don’t Pay Ransoms

Giving in to payment demands is fueling the spread of ransomware. U.S. government strongly discourages the payment of cyber ransom or extortion demands. (Also, admitting defeat doesn’t guarantee that a victim’s network will be restored.)

Paying a ransom proves to cyber criminals that their operations work. They can’t be trusted not to prey on a victim again or publish stolen data anyway.

Recovery Strategies

If your organization is attacked, your data can be recovered. Recovery Point offers a variety of backup, replication and DRaaS solutions which can be used for ransomware recovery:

  • Unlocked and unencrypted versions of your servers are restored from before the ransomware attack into a RPS DR/production environment.
  • Point-in-time recovery capability
  • Data is protected, and your business is back up and running quickly after an attack.
  • Your organization doesn’t pay a ransom.

Recovery Point helps clients fight back with our 3-2-1-1-0 strategy:

3 copies of data

2 different media types

1 offsite copy

1 air-gapped copy (RPS tape vaulting)

0 No errors with Recovery Point’s managed BPR solution

With this methodology, Recovery Point backs up data from primary site to secondary data center, creates backup snapshots to rollback to data pre-malware infection and ensures backups are encrypted on secure storage (WORM disk or tape).

Breach Steps

If a ransomware event occurs:

  • Clients select the latest recovery point before the incident to restore data.
  • We rollback to an unencrypted or uncorrupted version of your servers.
  • Then we run recovered servers in your RPS environment.
  • When the incident is resolved, failback to your primary environment is performed.

Recovery Point has you covered. To learn more about our cybercrime recovery strategies, call 877-445-4333 or fill out this contact form.

You Might Also Like

Leave a Comment