Guillermo Christensen Quoted in Law360: "Risk of Breaching Sanctions Adds to Ransomware Headache"
Ice Miller LLP partner
Guillermo Christensen was quoted in the Law360 article,
"Risk of Breaching Sanctions Adds to Ransomware Headache."
The article included:
Despite OFAC having not penalized a company to date for violating sanctions with a ransomware payment, companies would be wise to do an "internal vetting" of any ransomware incident for evidence that the cybercriminals are linked to a sanctioned group, said Guillermo Christensen, a partner in the data security and privacy group at and a former intelligence officer.
But in many incidents, companies that bring in third-party forensics firms to analyze a cyberattack won't have clarity about who the hackers making the demands are within the first crucial hours or days, if ever, Christensen said.
"The most common scenario is that they get in, you have a couple of days to respond to the demand, and by the time forensics gets involved, you've already made the payment," Christensen told Law360.
Ransomware crews have grown more organized and market-savvy in the past couple of years, finding a sweet spot of companies and governments willing to pay rising sums to avoid having to rebuild their networks from scratch, industry experts say. Victims often cave to the attackers' payment demands, despite the FBI's advice that doing so will embolden cybercriminals to launch more attacks.
Trying to rush victims into paying up is part of the hackers' strategy. "Their incentive is to move as quickly as possible to get you to make decisions with as little reflection as possible," Christensen said.
Click here to read the full article.