Will Recent Treasury Guidance Reduce Ransomware Payments in the US?

The ways organizations should react following a ransomware attack were discussed during a session at the RSAC 365 Virtual Summit.


This topic was highlighted in context of an advisory issued in October 2020 by the US Department of the Treasury concerning the payment of ransomware. Adam Hickey, deputy assistant attorney general, National Security Division, Department of Justice, explained that “essentially it reminds the audience that if you engage in transactions with a sanctioned entity or person, you can be civilly liable, and the Treasury has the authority to bring an enforcement action even if you didn’t know what you were doing.”


This advisory covers malicious actors that have been designated under the scope of the Office of Foreign Assets Control (OFAC)’s cyber-related sanctions program, including Cryptolocker, SamSam, WannaCry 2.0 and Dridex. Hickey added that it outlines factors that will impact the Treasury’s judgement on whether a penalty is appropriate. These include “whether the US company or entity had a risk-based compliance program in place, designed to identify and mitigate sanctions risk” and also whether the victim “reached out to law enforcement and was transparent with them.”


While some have viewed this as harsh on ransomware victims, Hickey said the guidance is aimed more towards the intermediaries that may be relied on to make a ransomware payment, such as insurance firms and forensic companies, helping ensure they develop risk-based compliance programs.


Such a strict approach is necessary amid rising ransomware attacks to make all online users safer, according to Hickey. He commented: “As an individual entity you may be better off paying the ransom, but all of us ar ..