The United States Treasury department sternly warns cyber-insurers and other financial institutions that make payments to hackers are risking violation of sanctions rules.
The US Treasury States That Companies Could Be Punished for Paying Hacker Ransoms
October 15, 2020
The United States Treasury department sternly warns cyber-insurers and other financial institutions that make payments to hackers are risking violation of sanctions rules. The Financial Crimes Enforcement Network (FinCEN) issued a release that stated, “The U.S. Department of the Treasury today issued a pair of advisories to assist U.S. individuals and businesses in efforts to combat ransomware scams and attacks, which continue to increase in size and scope.” As many have seen this year, hacking is on the rise especially as many workers in the United States continue to work from home, many into the unforeseeable future. As this new work culture develops, so does the increased hacking attempts. The release issued by FinCEN states that “The Office of Foreign Assets Control (OFAC) advisory, entitled Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, highlights the sanctions risks associated with facilitating ransomware payments on behalf of victims targeted by malicious cyber-enabled activities.”
The United States Treasury Department states that “Anti-money laundering and sanctions regulations implemented and enforced by Treasury’s Office of Terrorism and Financial Intelligence may have implications for persons involved in facilitating ransomware payments.” The release continues to state that “Efforts to detect and report ransomware payments are vital to prevent and deter cyber actors from deploying malicious software to extort individuals and businesses, and to hold ransomware attackers accountable for their crimes.” In an effort to prosecute hackers, the Treasury Department asks cyber-insurers and other financial institutes not to make payments to hackers so as to not hinder justice.
In combination with the multiple releases issued by The United States Treasury Department and FinCEN, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory that specifically states risks that are associated with payments to hackers. The OFAC specifically states that ransomware is to blame for the payments being made. The OFAC states the ransomware is “… a form of malicious software (“malware”) designed to block access to a computer system or data, often by encrypting data or programs on information technology systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data.” The advisory states that in addition to these crimes, hackers may also access sensitive files in order to blackmail a victim into paying additional ransom money.
The advisory made by the OFAC specifically states that ransomware reports have gone up 37 percent from 2018 to 2019 totaling more than a 147 percent increase in annual losses. This means big business for hackers as their ransomware attacks have been paying off in recent years. The advisory continues to state that payments made to hackers threaten U.S. National Security and its interests. OFAC uses the example that criminals may be emboldened to continue with larger and bolder attacks all while the victim has no guarantee that their ransomware will be stopped.
Victims of ransomware are encouraged to contact the United States Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection only if the hack involves a U.S. financial institution. If you are the victim of hacking, Synergy Infosec is here to help with our easy-to-use dashboard and trustworthy consulting services.
The first thing any company should think of is protecting their business. Our cybersecurity scanners and tools will protect your business product, so you can focus on conquering the market and leaving your competitors far behind!
Sign up to receive our security newsletters