Companies paying or using intermediaries to pay extortion to ransomware operators will face sanctions in the United States
Companies like Garmin who used intermediaries to pay ransom amount to Evil Corp who had infected Garmin servers will have to think twice before doing so. United States government has firmed up plans to impose strict penalties on companies who pay up ransom amount or use intermediaries for the same when they are infected with ransomware.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments.
OFAC has powers to impose financial penalties and costs on companies that operate in the United States and break the law. Under the advisory, the OFAC confirmed that businesses that facilitate ransomware payments, including financial institutions, cyber insurance providers, and companies involved in digital forensics and incident response, “not only encourage future ransomware payment demands but also may risk violating OFAC regulations”.This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program.
Instead of bowing to ransomware operators and paying extortion amount, OFAC wants companies that are infected with ransomware to report such attacks to and fully cooperate with law enforcement, as these will be considered significant mitigating factors.
OFAC said that “ransomware payments with a sanctions nexus threaten US national security interests”. It encouraged businesses to submit a “timely, and complete report” of ransomware attacks to law enforcement agencies, suggesting that those that do so could benefit from a more lenient approach to enforcement “if the situation is later determined to have a sanctions nexus”.
In the future companies that operate in the United States would have to approach authorities instead of dealing with the ransomware operators in case they fall victim to ransomware infection.