The Backup Wrap-Up

Ransomware Sanctions, OFAC, and the Lazarus Group: A Real Case Study



Ransomware sanctions are something most companies never think about — until they're staring down a ransom demand from a group the US government has already put on a sanctions list. In this episode, Dr. Mike Saylor walks us through a real incident involving a construction company, hundreds of millions in active contracts, and the Lazarus Group — a North Korean state-sponsored threat actor. Before that company could pay a single dollar in ransom, they had to figure out whether doing so would trigger federal penalties that dwarfed the ransom itself. We're talking fines of 10x to 100x the payment amount, and in some jurisdictions, jail time.

This is one of those episodes where the story alone is worth your time. Mike was in the room for this incident, negotiating directly with the Lazarus Group over a weekend — and yes, it turns out North Korean cybercriminals have a surprisingly functional help desk. But beyond the story, there's real actionable information here about OFAC (the Office of Foreign Assets Control), how the US Treasury tracks Bitcoin wallets to identify sanctioned actors, and what you actually need to do the moment ransomware hits your organization.

We also get into why paying a ransom paints a target on your back — 70% of companies that pay get hit again within six months — and why immutable backups are the only thing that truly keeps you out of this situation.

Chapters:

0:00 Intro

1:31 Meet the Guests: Curtis, Prasanna, and Dr. Mike Saylor

4:10 Case Study: A Construction Company and the Lazarus Group

6:34 Are These Bad Guys Sanctioned? Introducing OFAC

8:05 Why Ransomware Funds Terrorism, Drug Trafficking, and Worse

11:00 Sanctions Penalties: Fines That Can Put You Out of Business

12:24 Colonial Pipeline and Exceptions for Critical Infrastructure

13:26 How the Government Tracks Bitcoin Wallets

16:27 Global Sanctions: UK and Australia Have Their Own Rules

18:31 Pay Once, Pay Again: The 70% Re-Attack Rate

20:43 Proof of Life: Don't Pay Without It

23:38 What To Do When You Get Hit: The Right Order of Operations

25:17 Immutable Backups: The Only Real Answer

27:07 How the Construction Company's Backups Got Wiped

33:07 Build Your Team Before the Bad Day: FBI InfraGard and More


The Backup Wrap-Up, by W. Curtis Preston (Mr. Backup)
