US Treasury Department Warning: Are Ransomware Payments Illegal?
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory regarding potential sanction risks for facilitating ransomware payments. This advisory comes during the coronavirus (COVID-19) pandemic, which has led cybercriminals to increasingly launch ransomware attacks against U.S. organizations.
Financial institutions, cyber insurance providers and other organizations may facilitate ransomware payments to cybercriminals on behalf of victims, OFAC pointed out. In doing so, these organizations may inadvertently encourage future ransomware payment demands and violate OFAC regulations.
OFAC Malicious Cyber Actors: What You Need to Know
OFAC has designated malicious cyber actors under its cyber-related sanctions program and other sanctions programs. These cyber actors may initiate ransomware attacks, such as:
- Cryptolocker: OFAC designated Cryptolocker developer Evgeniy Mikhailovich Bogachev as a malicious cyber actor in December 2016.
- SamSam: In November 2018, OFAC designated two Iranians as malicious cyber actors after it discovered they provided material support for a malicious cyber activity and were linked to digital currency addresses used to funnel SamSam proceeds.
- WannaCry: OFAC designated the Lazarus Group, a cybercriminal organization sponsored by North Korea, and subgroups Bluenoroff and Andariel as malicious cyber actors in September 2019; the aforementioned groups were linked to a May 2017 WannaCry 2.0 attack that infected approximately 300,000 computers globally.
OFAC will continue to impose sanctions on cyber actors and others who materially assist, sponsor or provide financial, material or technological support for malicious activities.
How to Guard Against Ransomware Attacks
Facilitating a ransomware payment that is demanded as a result of malicious cyber activities may enable cybercriminals to profit and lead them to engage in future attacks, OPAC noted. Ransomware payments made to sanctioned persons or jurisdictions also could be used to fund activities that put U.S. national security and foreign policy objectives in danger, and they do not guarantee that a victim will be able to regain access to stolen data.
Meanwhile, there are many things that organizations can do to guard against ransomware attacks, such as:
- Provide workers with regular cybersecurity training
- Establish and maintain a business continuity strategy
- Use multiple security solutions to protect all endpoints
Furthermore, MSSPs can help organizations keep pace with ransomware attacks and other cyber threats. MSSPs can identify security risks across an organization and deploy services to mitigate these dangers.