The U.S. Department of the Treasury this week issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from sending money to sanctioned entities.
The Treasury Department’s Office of Foreign Assets Control (OFAC) says there has been a rise in ransomware attacks on U.S. organizations, which has resulted in an increase in the demand for ransomware payments.
Many organizations from around the world, including several cities and universities in the U.S., have paid significant amounts of money to recover their files following a ransomware attack.
However, the Treasury Department warns, companies that facilitate ransomware payments to cybercriminals on behalf of victims not only encourage future attacks, but also risk violating OFAC regulations. The advisory specifically lists cyber insurance companies, financial institutions, and providers of incident response and digital forensics services as organizations that can facilitate ransomware payments.
The OFAC noted that many cyber threat actors have been sanctioned over the past years, including for attacks involving malware such as Cryptolocker (linked to a Russian individual), SamSam (linked to Iranians), WannaCry (linked to North Korea) and treasury department warns ransomware payment facilitators legal implications
