The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently issued an advisory to highlight the sanctions risks of ransomware payments. The advisory warns companies and others that ransomware payments to cyber criminals on OFAC’s blocked persons lists and those covered by embargoes are prohibited.
Violators of OFAC regulations face financial sanctions that may be reduced if they meet certain conditions. “Under the Enforcement Guidelines… the existence, nature, and adequacy of a sanctions compliance program is a factor that OFAC may consider when determining an appropriate enforcement response,” the OFAC notice reads.
“Now more than ever, preventative and recovery controls are necessary,” stated Carl Mazzanti, President and Co-founder, eMazzanti Technologies. “This can all be achieved with eMazzanti’s e365 services to protect your business.”
Significant portions of the Treasury Department’s advisory are presented below to highlight the importance of appropriate ransomware preventative measures to mitigate the sanctions risk.
“The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing an advisory to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments,” the advisory reads.
According to the Treasury Department notice, Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business.
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations,” states the advisory.
“In recent years, ransomware attacks have become more focused, sophisticated, costly, and numerous. According to the Federal Bureau of Investigation’s 2018 and 2019 Internet Crime Reports, there was a 37 percent annual increase in reported ransomware cases and a 147 percent annual increase in associated losses from 2018 to 2019.”
While ransomware attacks hit large corporations, many ransomware attacks also target small- and medium-sized businesses, local government agencies, hospitals, and school districts. These organizations may be more vulnerable because they may lack resources to invest in cyber protection.
According to the advisory, under the authority of the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA), U.S. persons are generally prohibited from engaging in transactions, directly or indirectly, with individuals or entities (“persons”) on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List). The law also prohibits payments to other blocked persons, and those covered by comprehensive country or region embargoes (e.g., Cuba, Iran, North Korea, and Syria).
The OFAC encourages financial institutions and other companies to implement a risk-based compliance program to mitigate exposure to sanctions-related violations. This also applies to companies that engage with victims of ransomware attacks, such as those involved in providing cyber insurance, digital forensics and incident response, and financial services that may involve processing ransom payments (including depository institutions and money services businesses).
The notice encourages the sanctions compliance programs of these companies to account for the risk that a ransomware payment may involve an SDN or blocked person or an embargoed jurisdiction.
Under the OFAC Enforcement Guidelines, authorities will consider a company’s self-initiated, timely, and complete report of a ransomware attack to law enforcement to be a significant mitigating factor in determining appropriate enforcement. OFAC will also consider a company’s full and timely cooperation with law enforcement both during and after a ransomware attack to be a significant mitigating factor when evaluating a possible enforcement outcome.
As organizations work to prevent ransomware, they must ensure early detection, respond to attacks and enlist the help of qualified security experts. eMazzanti helps business leaders implement comprehensive, ransomware protection and crisis control procedures if required. For organizations with limited IT resources, eMazzanti provides reliable managed IT security services to keep your valuable information safe.
In today's dynamic business environment, scalability isn't just a desirable feature—it's often a critical factor…
In the landscape of website security, there is one major overlooked issue: user enumeration in…
In today's interconnected digital landscape, cybersecurity threats continue to evolve at a rapid pace, posing…
Network printers are an essential component of operational efficiency in today's interconnected workplace. As opposed…
As Cyber Security threats continue to rise, network door locks have become one of the…
Microsoft Exchange is a popular email, calendaring, contact, and task management platform. Exchange, which debuted…