United States: Watch Out - Paying Ransomware May Lead To Sanctions!

Darkreading.com reported about the Department of the Treasury issued an Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments "...that likely will cause consternation among cybersecurity professionals and organizations faced with ransomware attacks, the Treasury's Office of Foreign Assets Control (OFAC) warned of possible US policy violations for organizations or individuals who pay ransom to ransomware attackers who have been officially sanctioned by OFAC."  The October 1, 2020 report entitled "US Treasury Warns of Sanctions Violations for Paying Ransomware Attackers" included these comments:

In a surprising advisory issued today that likely will cause consternation among cybersecurity professionals and organizations faced with ransomware attacks, the Treasury's ...OFAC.. warned of possible US policy violations for organizations or individuals who pay ransom to ransomware attackers who have been officially sanctioned by OFAC.

Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations

Although law enforcement officials and experts advise victim organizations not to pay when hit with ransomware attacks, many victims have had to cough up cryptocurrency if they don't have protected backups of their locked-down systems, for example.

It is very important for the Cyber community study this Advisory!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.