Treasury Nixes Ransom Payments

Foreword by Laura Baker, CyberWyoming. Just reading the news over the past two months, I have been amazed at the resurgence of ransomware attacks and data breaches. Cybersecurity is everybody’s responsibility and affects all industries. A big thank you to Chris Bonatti and Medigate for sharing their blog information with CyberWyoming!

By Chris Bonatti, President of IECA, Casper, WY

The US Department of the Treasury has tightened its policy regarding ransomware payments. Treasury’s Office of Foreign Assets Control (OFAC) issued revised guidelines that, among other things, target the new phenomenon of ransomware negotiators, and also their insurers. The guidance alerts companies that engage with victims of ransomware attacks to the potential risk of sanctions for facilitating ransomware payments. Treasury requires you to apply for a license to make such large payments overseas, which OFAC says it will review on a case-by-case basis with “a presumption of denial”.

Ransomware Attacks Increase

By Chris Bonatti, President of IECA, Casper, WY

Ransomware infections are one of a comparatively few types of cyber intrusions with a profit motive. Well, that profit motive is alive and well, as ransomware campaigns are growing in number and sophistication.

The list of high-profile targets that have been taken out by ransomware this year overwhelms our ability to do justice to each of their stories. Recent victims include Canon, Garmin, University of Utah, Jack Daniels Whiskey, Carnival Cruise Lines, Luxottica, Tyler Technologies, and now Universal Health Services (UHS), which had equipment at over 400 healthcare facilities taken down by ransomware.

Researchers at BleepingComputer published findings in which they documented the emergence of at least 14 new ransomware strains during the single week of 19-25 September. Most of these were likely low-end campaigns by script kiddies, but we are also now facing the threat of ransomware as a service, such as seen in the Sodinokibi and REvil campaigns.

The major vector for spreading ransomware has long been phishing. However, this is now being eclipsed by targeted exploits against the Remote Desktop Protocol (RDP) and Samba, and most recently Zerologon.

Remember that it’s not just the initial intrusion that spreads ransomware, but the ease with which it spreads (or doesn’t) through your organization. If your organization doesn’t practice micro-segmentation and comprehensive backup, or if you don’t have a ransomware response plan, consider giving IECA a call.

Ryuk Ransomware, Healthcare & Medical IoT Management

By Laura Baker, CyberWyoming

In October, the FBI, CISA (Cybersecurity and Infrastructure Security Agency), and the Department of Health and Human Services published an alert for Trickbot malware and Ryuk Ransomware. The threats were focused on healthcare and public health sectors, which is partly why we have seen a rise in attacks in hospitals nationwide, as Chris’s article above discusses.

Security recommendations are standard: blacklist known indicators of compromise, disable remote desktop protocol whenever possible, patch systems, and put riskier devices on a segmented network. IT professionals know how to do this. The problem is that many hospitals had IT staff shortages BEFORE the pandemic, and now, with some staff getting sick, it is even harder.

This is the type of thing that keeps IT professionals up at night. Visibility in patching, segmentation of devices, and more often comes into play to stretch more functionality out of IT staff. Medigate is a company that participated in Wyoming’s Cybersecurity Conference and I had the pleasure of seeing their product to manage medical IoT (internet of things) devices. This is exactly the type of product that Wyoming hospitals need because it is reasonably priced, has a free proof of concept, and provides that visibility for IoT devices and where they lie on the VLANs. I honestly haven’t seen anything else like it, which is probably why they were also chosen as a leader in the KLAS Decision Insights Report.

With Wyoming’s COVID rates spiking and our hospitals stretched, now is not the time to add a new product to an IT department. However, when the crisis is over, moving back around to support hospital IT departments with products that help visibility into the growing world of medical IoT devices is something every administrator should be discussing. The workforce shortage isn’t going away in IT.

