Ransomware Payments and the Ukraine Conflict

Ransomware/Malware / May 23, 2022

We’ve asked a number of subject matter experts for their input on how the war in Ukraine is impacting cybersecurity and cyber risk management. Today, we’re sharing our conversation with Marc Jason Grens, President at DigitalMint Cyber, a leading vendor for cyber incident response.

What cybersecurity concerns do you have about the unfolding scenario with Russia and Ukraine?

As a FinCEN-registered money services business, we adhere to the Bank Secrecy Act and all underlying Anti-Money Laundering guidelines, as well as multiple state financial departments concerned about preventing money laundering and adhering to sanctions. Our biggest concern is whether due diligence is collectively being conducted by the stakeholders and parties involved in the transaction to ensure that funds are not being sent to a sanctioned entity or violating the new guidelines and executive orders issued by the Biden administration and OFAC.

Generally speaking, one of our concerns is whether due diligence is collectively being conducted by the stakeholders and parties involved in the transaction to do our best to limit the risk so that funds are not being sent to a sanctioned entity or violating the new guidelines and executive orders issued by the Biden administration and OFAC.

Specifically, any entity, group or individual that is using funds to support the Russian government may be considered to be in violation of a sanction, and in those cases, OFAC has authority to come down on companies and entities that are not following their compliance controls necessary to mitigate these risks. In order to mitigate these risks further, we closely collaborate with forensics companies, incident response teams, negotiators, insurance companies, the underlying victim, and money service businesses involved in every transaction.

The general question is whether the industry overall is doing enough. Are we communicating and collaborating enough on a case-by-case basis to peel back the onion a little bit further and not have any unintended consequences by making these ransomware payments?

We will never know with 100 percent certainty who exactly is supporting the Russian Federation, so it becomes a risk-based approach, but we are under more of a magnifying glass now, given these historically impactful sanctions.

What cyber trends are you seeing related to that situation? Are US organizations or those in other geographic regions facing heightened risks?

Ransomware attacks, specifically those victims making payments, have slowed down a little bit for about the first several weeks of the conflict. However, we’re seeing more activity now. Generally speaking, there’s still somewhat of a shotgun approach with phishing for vulnerabilities, so companies and individuals continue to have the same level of risk of a breach. There is speculation that critical infrastructure may be targeted, but we haven’t seen any communications or attribution that suggests any geographic area is being targeted more than another.

What proactive cyber-related actions would you suggest right now?

This is sort of a “sharpen the saw” moment in preventative cybersecurity operations, which compel everyone to look internally for added exposures and vulnerabilities. As an industry, we should come together to ensure we are checking all of the boxes.

In summary…

We would like to thank Marc for his insights on the challenges facing cryptocurrency providers during this historic moment.

For more information on the cyber risk landscape as it changes daily, be sure to log in to your eRiskHub® portal for up-to-date threat intel, cyber awareness training, and more.


© 2024 NetDiligence All Rights Reserved.