Paying a Hacker’s Ransom Can Now Be a Crime!?

Airgap Networks
3 min readOct 6, 2020
To Pay or not to Pay?

It’s OK sometimes to give in to ransomware? When is that “sometimes” going to end?

Companies paying ransom when attacked by ransomware in an effort to retrieve their data has always been controversial because it encourages future attacks. Now, doing so may also be illegal.

The U.S. Department of Treasury today warned that paying ransomware demands may be illegal and that companies that do so could be prosecuted.

The warning came in advisories from the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network. Both warned that any company that paid a ransomware payment, or a third party that facilitated a payment, could be prosecuted in the case that the hackers demanding the ransom were subject to U.S. sanctions.

There is an exception: Companies that are considering making a ransomware payment can do so but only with government approval.

Specific attention was given to third-party companies that facilitate ransomware payments. “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations,” the Office of Foreign Asset Control said in its advisory. (Source: CSO Magazine)

Let’s throw a clever concept out here…if someone can come out with a way to survey all damage caused by the bad actors and stop all propagation at the flick of a switch to isolate the infected machines confining the ransomware and protect the crown jewels and in less than 1 second. Wouldn’t you be intrigued and want to find out what it is?

Ever wondered why all gas stations have an “Emergency Shut-off” switch? It is because the gas station owners realize that this switch will be a lifesaver someday. No one hopes or plans to use it but when in need, this may turn into your best friend.

Organizations have realized that, once your perimeter is breached, the ransomware spreads like a wildfire and the SecOps teams have started asking for an emergency kill switch to prevent the spread of ransomware. In the absence of a credible solution, the SecOps team mostly relies on a bunch of scripts to manipulate the entire infrastructure. The process takes hours, is cumbersome, error-prone, and often buggy.

Introducing Ransomware Kill Switch

Based on popular demand from the customers, Airgap Networks realized that a Ransomware Kill Switch in the organization may come handy when your infrastructure is under the ransomware attack.

What does Ransomware Kill Switch (RKS) protect?

By blocking lateral propagation of the ransomware, the Ransomware Kill Switch protect all devices, managed and/or unmanaged, inside your organization

By blocking access to file-share, Active Directory, storage, and backup services, the Ransomware Kill Switch ensures your key resources are protected when you are under attack

By blocking access from your servers to mission-critical services such as ERP, CRM, etc, the Ransomware Kill Switch ensures that your employee and customer’s data is protected.

Ransomware Kill Switch can be deployed in minutes. So, before you think about giving in to the ransomware, get your the Ransomware Kill Switch first. Don’t be caught without an emergency shut off valve.



Airgap Networks

Zero Trust Isolation — The Best Defense Against Ransomware Propagation.