We warned the world in 2016 that ransomware is funding terrorism, including ISIS, and we have repeatedly reached out to the FBI to see if the payments you might make to a terrorist organization could be held against you or your company. The FBI did not respond to our repeated requests.
This is what we said a few years back:
Specifically, the penalties for funding terrorism can be prison terms of up to twenty years. Your protection from this terrible fate seems to hinge upon whether you knew the money was going to fund terrorism. In other words, you can hopefully plead ignorance but who knows for sure if that’s a defense? Of course, there is a chance the feds will never find out where your money went. But it’s likely a matter of time before the US government gets ahold of some ISIS computers and traces back the money to western companies. In fact, tens of thousands of users in Australia have already had to pay ransoms to ISIS. One wonders if this means they are on the hook if the US government decides to prosecute.
To date we know of no indictments but it is obviously better to be safe than sorry.
The good news is these warnings are slowly being heeded - albeit years later. Futurism recently ran an article about ransomware funding terrorism.
The article was based on a ProPublica study which showed that when companies that were not prepared for a ransomware attack hire experts, that hiring often funds ransom payments.
The reason organizations are forced to pay experts or a ransom is that they are generally not prepared. This can be changed - it is really not that difficult.
Simple ways to improve cybersecurity: keep computer operating systems and software patched. Ensure social media accounts are private. Be careful what you share. Be aware of phishing emails, which can be used to hack your computer, network and bank accounts and to steal your identity.
Regularly use a phishing simulation service like Phish360 to send fake phishing emails and train users who click.
- General cybersecurity training must be done regularly.
- Auditing and documentation must be performed regularly to ensure systems are secure.
- Anomaly detection should be running constantly to detect threats as they emerge.
- Penetration testing shows if systems can easily be reached from the outside.
- Network forensics should be in place for when a breach eventually occurs. The bad guys always seem to get in eventually.
Cybersecurity is part technology, strategy, science and competition. That last term may be surprising but it shouldn’t be. With millions of companies which hackers might want to hit and billions of users, if one individual or company is more secure than others, the hacker is likely to just move along to the next target.