Ransomware Payments and Sanctions - U.S. Treasury Advisory

On Oct. 1, the United States Treasury Department Office of Foreign Assets Control (OFAC) issued an advisory concerning ransomware payments and sanctions regulations. The advisory warned that paying ransoms to sanctioned persons and entities risks violating the law. It also noted that OFAC may impose civil penalties for violations even if the person did not know, or have any reason to know, that the ransomware payment was sent to an entity under sanction.


Rapid7 has previously recommended that victims not pay ransom, consistent with guidance from U.S. government agencies.


OFAC Sanctions Risk and Ransoms


OFAC has designated numerous malicious cyber actors under its sanctions programs. These include individuals and groups that develop and use ransomware and other malware (such as the Lazarus Group cybercriminal organization involved in WannaCry 2.0), as well as persons that provide support for those activities (such as individuals that laundered cryptocurrency for the Lazarus Group). OFAC’s list of blocked persons notes certain digital currency addresses and aliases associated with sanctioned persons.


OFAC’s advisory makes clear that paying a ransom to entities under OFAC sanctions risks violating its regulations. This applies to ransomware victims paying a ransom, as well as third parties that facilitate ransom payment on behalf of victims (such as cyber insurance firms, financial institutions, transaction processors, and incident response services), even ..
