Ransomware sanctions could turn your worst day into a federal crime. If the group that encrypted your data is on a US government sanctions list, paying them may be illegal.

Dr. Mike Saylor joins Curtis Preston and Prasanna Malaiyandi to walk through a real ransomware incident involving a construction company, the Lazarus Group, and a weekend of negotiating with North Korean cybercriminals — who, by the way, have a surprisingly functional help desk.
Before that company could pay a single dollar, they had to figure out whether doing so would trigger OFAC sanctions penalties that dwarfed the ransom itself. We're talking fines of 10x to 100x the ransom amount. In some countries, we're talking jail time.

This episode covers everything you need to know about ransomware sanctions: what OFAC is, how the US Treasury tracks Bitcoin wallets to identify sanctioned threat actors, and what steps you need to take the moment ransomware hits your organization.

We also get into why paying a ransom puts a target on your back — 70% of companies that pay get hit again within six months — and why immutable backups are the only thing that truly keeps you out of this mess.
If you run IT, own a business, or have any responsibility for your organization's data, this one is not optional listening.

🎙️ Guest: Dr. Mike Saylor, co-author of Learning Ransomware Response and Recovery (O'Reilly)

📖 Get the book: https://www.oreilly.com/library/view/learning-ransomware-response/9781098169572/

🛡️ Build your ransomware recovery plan: https://www.stopransomware.com

⏱️ Chapters:

0:00 Intro
1:31 Meet the Guests: Curtis, Prasanna, and Dr. Mike Saylor
4:10 Case Study: A Construction Company and the Lazarus Group
6:34 Are These Bad Guys Sanctioned? Introducing OFAC
8:05 Why Ransomware Funds Terrorism, Drug Trafficking, and Worse
11:00 Sanctions Penalties: Fines That Can Put You Out of Business
12:24 Colonial Pipeline and Exceptions for Critical Infrastructure
13:26 How the Government Tracks Bitcoin Wallets
16:27 Global Sanctions: UK and Australia Have Their Own Rules
18:31 Pay Once, Pay Again: The 70% Re-Attack Rate
20:43 Proof of Life: Don't Pay Without It
23:38 What To Do When You Get Hit: The Right Order of Operations
25:17 Immutable Backups: The Only Real Answer
27:07 How the Construction Company's Backups Got Wiped
33:07 Build Your Team Before the Bad Day: FBI InfraGard and More