Our History of Ransomware & Compliance

Our History of Ransomware and Compliance

Proven Data has been and will continue to be a pioneer in the ransomware remediation and recurrence prevention. Ransomware is a type of malware that locks up files and demands payment usually in the form of bitcoin. The files are not unlocked until a key is obtained from the threat actor after making payment.

Ransomware continues to be a major threat affecting organizations and their networks of all sizes, and Proven Data stands by our clients with the intent to get operations back up and running as soon as possible while preventing another occurrence in the future. Our mission is to deliver complete clarity and professionalism with every client and incident case we undertake.

Since 2015, our security experts have worked to create an atmosphere of security awareness and transparency throughout our processes. We continue to stay on top of the latest cyber threat trends and evolve the Proven Data Ransomware services. We are dedicated to being a reliable resource for public education of an often misunderstood and highly complex industry.

When our founders first envisioned Proven Data, they aspired to assist those who had lost their data in any data loss scenario. In 2015, Proven Data encountered several ransomware victims who had no one to turn to. Clients would often mention that it would take weeks to obtain the necessary bitcoin to pay the ransom and restore their computer’s functionality, all while their business was disrupted.

Ransomware is uncomfortable for all parties involved as no one wants to be in that situation. But further market research by Proven Data found no companies capable of performing ransomware remediation services. Determined not to leave our clients stranded, we decided to help. From the beginning, navigating through a perilous landscape of uncertainties and unknowns was a difficult task.

Proven Data got to work to chart and better understand the attack vectors. Our processes naturally evolved to accompany the need for improved network security and security awareness to combat ransomware attacks. Today, we employ experts in their respective fields ranging from digital forensics to cyber security. As we developed our processes from the ground up, the best interests of our clients have always been our first priority.

Our goal in this effort is to be as transparent as possible. As we began to have more requests for help with ransomware and fine tuned our processes based on client feedback, we added information on our website and terms of service about the process of remediation and potential need for ransom payment to be sent.

Ransomware remediation is not sexy and is often looked at disfavorably, especially by those who have never been the target of such an attack. Outsiders often think that all you need to do is pay the ransom and your files will magically reappear. As those who have been the victim of a ransomware attack know well, and as we have seen first-hand many times, this is not the case. Resolution of these attacks require time, effort and special knowledge.  

We pride ourselves in our high success rate because of our unique knowledge and ability to assist in each a number of different scenarios we have encountered in helping the victims of ransomware attacks. Many of these occur even after the ransom is paid:

  1. Wrong key is provided
  2. File corrupted by the hacker
  3. Hacker disappears
  4. Portal closes
  5. Bad functioning decrypter
  6. Hacker raises price
  7. Incompatible OS
  8. Corrupted OS
  9. File path too long
  10. Permission issues
  11. Hacker re-encrypts files
  12. Files are decrypted but ransomware file extension names remain
  13. Double or triple encryption
  14. Incomplete key
  15. Dependencies removed
  16. Hacker email bounce back
  17. Space issues

Compliance and our History

What is OFAC?

The Office of Foreign Assets Control (better known as OFAC), a division of the US Department of the Treasury, administers and enforces economic and trade sanctions based on US foreign policy and national security objectives. OFAC is responsible for imposing controls on transactions and other interactions between citizens of the United States and targeted individuals, entities and countries including terrorists and international narcotics traffickers. Unfortunately, the focus of these criminals now encompasses cyber crime and ransomware attacks. Recognizing this, the OFAC Cyber-Related Sanctions Program is designed to promote the safety and security of US persons including businesses and other entities by creating more transparency into known malicious cyber groups and their potential extortion operations.

Federal law enforcement also has been allocating greater resources to focus on the global trends in cyber crime, which target US businesses, government and nongovernmental organizations of all sizes with various cyber threats such as ransomware. OFAC has been working diligently to ensure US businesses do not interact with or fund known terrorist organizations around the world, and continually updates its sanctions list to known threat actors.

Proven Data takes a very hard line stance against transacting with any groups identified as threat actors by OFAC. If we determine that a ransomware is unable to be removed and a ransom must be paid in order to unlock files, one of the first checks we do is to ensure that it does not go to anyone on the Specially Designated Nationals (“SDN”)  list maintained by OFAC or otherwise deemed to be a prohibited person by OFAC, even if it means potentially not being able to recover the victim’s files. Law enforcement and OFAC have become increasingly sophisticated in their ability to identify the owner of ransomware wallets, and are now including wallet addresses on the SDN list. . As soon as a name or bitcoin wallet address is added to the list, Proven Data stops providing assistance in cases involving ransomware attacks associated with these names or addresses. Using available technology, Proven Data is taking other steps as part of its efforts to proactively identify threat actors who may be located in prohibited jurisdictions.  SamSam ransomware attacks are a good example. Our goal is to ensure our operations staff comply with all applicable local, state, and federal regulations. We have even taken compliance to the next level by researching Bitcoin wallets to trace prior transactions to see if there is a potential link to the sanctioned individuals, wallets or jurisdictions. Proven Data has not made any payments to the sanctioned wallets once they were identified and publicly known.

How Proven Data Shows Our Commitment to Compliance

We make staying on top of trends  and compliance with applicable laws and regulations is our highest priority. We utilize our resources to ensure we are ahead of the curve to serve our clients. Proven Data has added the role of Compliance Officer to our core team. Having a dedicated member of our core team serve as the Compliance Office we have assured the compliance function has a person overseeing it with a solid understanding of our business and our compliance obligations; our commitment to compliance is clear. We are confident given the tools and resources at our disposal that we are making every effort to service businesses experiencing attacks by cyber criminals without funding sanctioned entities, individuals, or terrorist organizations.

Proven Data preserves our mission of offering world-class cyber crime incident services while keeping abreast of all compliance and sanction trends and they unfold. Unfortunately as ransomware attacks have become more sophisticated – and more common – the ability of nonprofessionals to resolve them is increasingly challenged.

Proven Data is able to step into these situations, helping the victims and ultimately, assisting them in  executing on their decision to pay ransoms – but only after all other avenues have been exhausted. At the same time Proven Data is working with the victims to mitigate future risk of another ransomware occurrence. Reducing the number of soft targets subject to ransomware attacks through security hygiene and encouraging an environment of security awareness, in our view, is the best way to prevent cyber attacks and force these kinds of criminals from the field. Reporting internet crimes to authorities is incredibly important as identifiable information about a threat actor can lead to an arrest.

Proven Data continues to be an industry leader by assisting clients in remediating their ransomware crisis and helping them fulfill a long-term goal of better cyber security for their organizations. As these online threats continue to unfold, our team is prepared by providing resources and services to improve the data security for our clients both of the present and future.


Cyber crime and digital threats are consistently evolving to create more problems and extort finances from both small businesses and larger organizations as a whole. Downtime experienced by an unexpected cyber attack can be detrimental for a business or a hospital when lives are on the line. If you or your business has been affected by a recent ransomware attack, reach out and create a case and allow us to show you first hand how we can assist you.

Recommended Posts