Treasury Department Warns of Potential Penalties for Ransomware Victims Who Pay

Late last week, the U.S. Treasury Department published an advisory warning that ransomware victims who pay hackers that are under U.S. sanctions could be punished. The advisory, which came from the Treasury’s Office of Foreign Assets Control (OFAC), also warned financial institutions, cyber insurance companies, and cybersecurity firms that help ransomware victims identify and respond to attacks that they could suffer fines if they aided payments to attackers from places like Russia, North Korea, or Iran that are on the U.S. sanctions list. Additionally, OFAC noted penalties could be levied against companies that didn’t know they were facilitating ransom payments to hackers on its sanctions list. The office said it would review each case individually when deciding when to impose fines, but said that “self-initiated, timely, and complete report of a ransomware attack to law enforcement” would help avoid civil penalties, as would cooperating with law enforcement. Abetting payments to hackers poses potential national security risks, OFAC said in explaining the reason for its advisory. “Ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States,” the advisory states. “Ransomware payments may also embolden cyber actors to engage in future attacks.” Read more in an article at CyberScoop.