Thales Blog

Ransomware Sanctions: Do They Have Any Impact?

December 19, 2023

Todd Moore | VP Encryption Products, Thales

Ransomware is one of the most high-profile and high-value cybercrimes that organizations need to watch out for. These attacks have the potential to cause significant financial, operational, and reputational damage to a company: bad actors cut off access to vital systems, ransoms demanded can be in the millions of dollars, and paying the ransom doesn’t guarantee a resolution. While authorities in multiple countries have issued sanctions regarding ransomware payments, the efficacy of these sanctions in actually preventing ransomware incidents is in question. This blog post will explore the reasons that ransomware sanctions may fall short and what actions organizations can take to protect against ransomware.

Ransomware Sanction Challenges

In theory, ransomware sanctions are intended to make it more difficult for bad actors to receive ransom payments, cutting off their source of revenue as much as possible. Sanctions can be leveled against criminal organizations, individuals, or groups from certain countries in an effort to curb ransomware attacks. However, numerous factors complicate matters and hinder the ability of sanctions to have a substantial impact on the ransomware threat landscape. Sanctions put the responsibility on the target or the financial institution processing the payment to determine whether the potential recipient of a ransom is under sanction.

This can be extremely challenging to figure out logistically, as criminal organizations predictably often make an effort to conceal their identities. While some high-profile criminal groups like to build their reputation by taking credit for attacks, the majority of cybercriminals tend to operate less publicly and can take steps to obfuscate themselves to continue carrying on criminal activity without being caught.

Furthermore, the nature of the threat landscape, and particularly the growth of the Ransomware-as-a-Service (RaaS) market, makes it impossible for sanctions to thoroughly account for cybercriminal activity. The ransomware landscape is rife with organizations and actors that are decentralized, anonymous, and difficult for lawmakers, targets, and financial institutions to pin down. While sanctions can be levied against well-known criminal organizations and their known members, there are simply too many ransomware attackers, organizations, and attacks for sanctions to make a significant dent.

What Can Organizations Do?

While the practical impact of sanctions is limited, and ransomware is an issue that continues to plague organizations of all sizes, there are still methods and tools that a company can implement to protect against ransomware attacks.

Certain cybersecurity best practices—such as utilizing multi-factor authentication (MFA), encrypting data, and creating and updating backups—are effective not only in preventing ransomware attacks and remediating incidents that may occur, but also in protecting an organization’s everyday IT activities. It is also recommended that organizations have a disaster recovery plan in place and test it regularly.

Defending against ransomware also entails accounting for the range of infection vectors through which bad actors can infiltrate an organization to launch an attack. The most common ransomware infection vectors are phishing emails deceiving insiders into opening links or attachments containing malware, software vulnerabilities taken advantage of by cybercriminal actors, and desktop vulnerabilities exploited through credential theft or other means of remote access. Preventing ransomware attacks means deploying security awareness training, cybersecurity policies, and software tools to cover these gaps in security and teach employees to detect and identify potential attacks.


Ransomware sanctions are a concerted effort to curb the rampant danger of these attacks by preventing bad actors from receiving ransom payments. Unfortunately, the range of impact that sanctions can have is severely limited due in part to the nebulous identities of the cybercriminal individuals and organizations. State sanctions may not be a comprehensive or extremely effective way to reduce ransomware incidents, but there are still a number of steps that an organization can take to protect against ransomware.

Having a “discover, protect, control” mentality is the best bet for organizations to get back in charge of their internal resources and data.