Thought Leadership

Ransomware Payments May Run Afoul of Federal Regulations

ransomware protection by Mainstream Technologies(October 2020) Ransomware Payments May Run Afoul of Federal Regulations

With ransomware attacks becoming more frequent and sophisticated, more and more companies are choosing to pay up so they can quickly regain access to their data and get back to business. That could prove to be a costly mistake in more ways than one.

Security experts and law enforcement officials have always advised against paying because it doesn’t guarantee you’ll get your data back, plus it gives the perpetrators incentive to target more victims. Now the U.S. Treasury Department warns that those who negotiate with ransomware extortionists may expose themselves to hefty federal fines.

On Oct. 1, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued an advisory that warns of potential sanctions associated with ransomware payments. At issue is the fact that many ransomware perpetrators are part of vast international criminal groups that are under sanction by OFAC.

Putting the Squeeze on Cybercriminals

To combat rising financial losses from ransomware and other cybercrime activity, the Treasury Department has imposed economic sanctions on several cybercriminals and cybercrime groups, freezing all their property and interests in the U.S. A variety of laws and regulations, including the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA), prohibit U.S. companies and citizens from engaging in any sort of direct or indirect transactions with sanctioned groups or individuals.

Those in violation of these laws and sanctions could face fines of up to $20 million. However, the OFAC advisory notes that cooperation with law enforcement officials will be a significant mitigating factor in any enforcement action.

The warning comes at a time of surging ransomware attacks. This summer, the FBI noted it experienced a 400 percent increase in reports of ransomware attacks as criminals look to exploit the fear and uncertainty surrounding the COVID-19 pandemic. Research shows that as many as three-quarters of all victims have paid the ransom this year, up from less than half in 2019.

Raising the Stakes

Payment seems to only embolden the criminals, who are not only launching more attacks but asking for larger payoffs. A study by BlueVoyant says that average ransom demands have risen from about $30,000 in 2019 to nearly half a million dollars. The GPS technology company Garmin reportedly paid a record $10 million ransom to recover data encrypted in a July attack.

A new Vanson Bourne survey sponsored by Sophos illustrates the potential pitfalls of paying the ransom.   The global survey of more than 5,000 IT decision-makers found that the total cost of recovery almost doubles when organizations pay a ransom. Organizations that chose not to pay had average recovery costs of more than $730,000, which included business downtime, lost orders, operational costs, and more. The average cost rose to more than $1.4 million when organizations paid the ransom because they still incurred all those other downtime and operational costs.

Paying the ransom doesn’t mean you’ll get your data back, either. The numbers suggest that a well-designed backup environment remain your best bet for recovery, although the increased use of blackmail tactics are increasing the need for prevention in addition to adequate backups. According to the Sophos study, 51 percent of all organizations suffered a ransomware attack in the previous 12 months, and 94 percent were able to get their data back. More than half (56 percent) restored their data from backups, 26 percent paid the ransom and 12 percent got their data back by other means.

Ransomware is flourishing because it offers a relatively easy payday for cybercriminals. While paying the ransom may seem like the easiest way to get your data back, research suggests that’s not always the case. Potential federal penalties should also make you think twice about negotiating with extortionists.

Mainstream Technologies can help you implement a variety of security controls and data protection solutions that limit your risk from ransomware. Call us to learn more about how we can help you identify and contain ransomware before it spreads throughout your network, and ensure that you have a reliable backup of your vital data.


Since 1996, Mainstream Technologies ( has established itself as one of the most respected technology companies in Arkansas with headquarters and data center facilities in Little Rock, and sales offices in Conway and Bentonville.  Mainstream’s full range of technology services includes IT Management and Consulting, Custom Software Development, Cyber Security, and Data Center Services.  Our team of experienced technology professionals serves public and private sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile

Contact Us

  • Industry

  • Category

  • Regulation

  • Solution