US Treasury OFAC Moves to Counter Ransomware Attacks
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory that highlights the risks of paying ransom to cybercriminals who attack IT systems with malware. This advisory describes the potential sanctions risks associated with making and facilitating ransomware payments to hackers.
The OFAC advisory also discusses steps that organizations can take to protect their IT systems, as well as enforcement action from the US Treasury.
Organizations and government agencies of any size are attacked with ransomware by hackers. No one should assume they are immune because of the inability to pay. Ransomware attacks are carried out against private firms of all sizes and budgets. Enterprise-level critical infrastructure organizations are a prime target due to a perceived ability to pay a large sum, but attacks also take place against school districts and small businesses.
The Treasury Department intends to disrupt criminal networks and virtual currency exchanges responsible for laundering ransom payments made to halt ransomware attacks.
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations,” says the advisory.
Private companies attacked with ransomware routinely contract with cybersecurity firms to halt the attack either by decrypting systems or paying the ransom.
For example, the highly publicized Colonial Pipeline ransomware attack ended when the company decided to pay hackers over $5 million in ransom. After one week of being crippled by the attack, the company paid to regain control of its systems. The FBI later recovered part of the money by going after some of the money laundering operations used to move the ransom to accounts accessible by the hackers.
What is ransomware?
Ransomware is a type of malware (malicious computer code) used to infect and hijack computers, servers, and entire IT networks. The cybercriminals then control the computers and the information they contain until the ransom is paid.
OFAC Specially Designated Nationals List Updated
OFAC has also updated its list of Specially Designated Nationals (SDN). Individuals and businesses in the United States are forbidden from transacting with anyone or anything listed on the SDN list.
Some of the entities listed on the updated SDN list include digital currency addresses.
There was almost a 21 percent increase in reported ransomware cases and a 225 percent increase in associated losses from 2019 to 2020, says the Federal Bureau of Investigation (FBI).
Individuals and organizations can learn more at the US federal government's official website, StopRansomware.gov.