October '21

Issue link:

Contents of this Issue


Page 11 of 103

8 THE SHOP OCTOBER 2021 longer be accessed, or when a computer message pops up alerting users to the attack and demanding ransom payments. PAYING THE PIPER—OR NOT Top U.S. law enforcement officials dis- courage meeting ransomware demands. The FBI is reportedly doubling down on its guid- ance to affected businesses and the message is clear: don't pay the cybercriminals. Ransom payments vary depending on the ransomware variant and the price or exchange rates of digital currencies. The anonymity offered by cryptocurrencies makes this the ideal payment vehicle. Alternative payment options are also fre- quently employed, including iTunes and Amazon gift cards. Unfortunately, paying the ransom does not guarantee the user will get the decryp- tion key or unlock code needed to regain access to the infected computer system or files being held hostage. Successful or not, however, the govern- ment offers a little-known incentive for those who do pay—the ransom may be tax deductible. There may also be insurance options to cover both business disruption and the ransomware payment itself. TAXES TO THE RESCUE Tax deductibility is part of a bigger quan- dary stemming from the rise in ransom- ware attacks. The government warns that payments that fund criminal gangs could encourage even more attacks. However, failing to pay a ransomware demand can have devastating consequences for a small automotive shop. Fortunately, a small business that pays ransomware may be allowed to claim a tax deduction on its federal tax return. After all, in order to be deductible, business expenses only need to be ordinary and necessary. Losses from more traditional crimes such as robberies or embezzlement have long been deductible, so ransomware payments, in all likelihood, would be as well. Naturally, there are limits to the deduc- tion. For instance, if the loss to the auto- motive aftermarket business is covered by cyber insurance—something that's becoming increasingly common—the operation can't claim a deduction for a payment made by an insurer. Ransomware Understanding Ransomware can unknowingly be downloaded onto a computer by opening an email attachment, clicking an ad, following a link or even visiting a website that's embedded with malware. While ransomware has become a multibillion-dollar threat, the average payment demanded in 2020 was only $310,000, with many payments in the $25,000 to $30,000 range.

Articles in this issue

view archives of THE SHOP - October '21