US Treasury warns making ransomware payments could breach sanctions regulations

The US Treasury department has warned that facilitating payments to cybercriminals to remove ransomware from IT systems risks breaching sanctions regulations.

In an advisory note published today, the treasury’s Office of Foreign Assets Control (OFAC)  said demand for ransomware payments has increased during the Covid-19 pandemic.

Ransomware is designed to block access to a computer system or data to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data.

OFAC warned that if a cyber-criminal is already subject to sanctions, paying them, or facilitating a payment to them on behalf of a victim, could constitute a breach of regulations. This could lead to legal repercussions including fines of up to $20million.

OFAC has designated numerous cyber-criminals under its sanctions programme who perpetrate ransomware attacks. It gives the example of the North Korean Lazarus Group; two Iranians thought to be tied to the SamSam ransomware attacks; Evgeniy Bogachev, the developer of Cryptolocker; and Evil Corp, a Russian cybercriminal syndicate that has used malware to extract more than $100 million from victim businesses.

In some cases, in addition to the attack, cyber actors have threatened to publicly disclose victims’ sensitive files.  Ransomware cases increased 37% from 2018 to 2019 according to the Federal Bureau of Investigation.

OFAC said that making ransomware payments also encourages cyber-criminals to carry out further attacks. “In addition, paying a ransom to cyber actors does not guarantee that the victim will regain access to its stolen data,” it said.  OFAC is instead urging victims of ransomware to contact government agencies immediately.

In response to the note, David Carlisle, head of policy and regulatory affairs at Elliptic, posted on the Linked In social media platform: “Cryptoasset exchanges need to ensure they can monitor for any potential payments from their customers to these ransomware campaigns and should exercise scrutiny to ensure they do not enable prohibited transactions”

Click here for more about ransomware.


Pre-registration now OPEN for FinCrime World Forum

Taking place on December 1st 2020, FinCrime World Forum, a GRC World Forums initiative, is a virtual conference which will attract an audience of senior decision makers seeking; information, advice and guidance.

FinCrime World Forum will feature leading subject matter experts and thought leaders and won’t just be a series of Zoom presentations.

Learn More and Register

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.