To Pay or Not To Pay: What New Regulatory Activity Means for Ransomware Victims

New regulatory activity may help companies experience fewer ransomware attacks and could impact whether ransoms can be paid to threat actors. The activity includes guidance and sanctions by the Department of Treasury (“Treasury”) and a host of resources provided by the Health and Human Services Office for Civil Rights. This post describes the activity, its impact on companies that experience a ransomware attack, and practical takeaways for in-house counsel.


DEPARTMENT OF TREASURY


Yesterday, Treasury issued a press release announcing the designation of SUEX OTC, a virtual currency exchange, to the Specially Designated Nationals and Blocked Persons List (“the SDN List”).  Treasury also issued an Updated Advisory on Potential Sanctions Risk for Facilitating Ransomware Payments.


By way of background, Treasury’s Office of Foreign Assets Control (OFAC) is responsible for administering and enforcing sanctions against foreign countries, terrorists, and other entities or individuals engaged in activities deemed to be a threat to U.S. national security or the U.S. economy. To that end, OFAC may levy civil and criminal penalties against U.S. companies that engage in financial transactions with entities on the SDN List. The SDN List is essentially a list of bad guys you’re not allowed to help or do business with, and you can search it here. Treasury will sometimes update the SDN List to include criminal organizations engaged in ransomware attacks.


Treasury’s Designation of SUEX to the SDN List


For the first time, Treasury has added a virtual currency exchange to the SDN List.  Treasury believes SUEX has facilitated financial transactions for threat actors as ..
