OFAC Warns That Firms Helping Victims With Ransomware Payouts Risk Violating Its Rules

If you assist a ransomware victim in paying out to cyber attackers, you could end up facing civil penalties, OFAC says.

Oct 5, 2020 at 12:34 p.m. UTC
Updated Sep 14, 2021 at 10:04 a.m. UTC

The Office of Foreign Assets Control (OFAC) has warned that paying out to recover from ransomware attacks can be a breach of its rules.

  • In an advisory issued Friday, OFAC – a wing of the U.S. Department of the Treasury – said there's a sanctions risk in complying with such demands, which have increased since the start of the coronavirus pandemic.
  • The Office specifically pointed to companies that facilitate negotiations with cyber attackers regarding ransomware payouts.
  • Firms including financial institutions, insurance firms and others working in digital forensics "not only encourage future ransomware payment demands but also may risk violating OFAC regulations," it said.
  • Ransomware is malicious software that propagates across computer networks and will lock up systems using encryption.
  • In order to receive a key to unlock their files and infrastructure, victims normally need to pay out a ransom in cryptocurrency.
  • OFAC cites data from the Federal Bureau of Investigation indicating ransomware demands rose by 37% from 2018 to 2019, while the level of losses to such attacks rose 147% over the same period.
  • With OFAC responsible for issuing economic and trade sanctions against foreign nations or entities considered to infringe the U.S.'s foreign and security policies, it said that paying ransoms to those on its Specially Designated Nationals And Blocked Persons List could result in fines.
  • Civil penalties can be applied even if the payer did not know the recipient was on the list, the Office warned.
  • Such a situation may be mitigated if the entity facing a ransom demand submits a "timely and complete" report on the attack to law enforcement. Victims should also reach out to OFAC, according to the advisory.
  • The warning came the same day the U.S. Financial Crimes Enforcement Network (FinCEN) issued its own advisory on ransomware, stressing that governmental entities and financial, educational and health care institutions have been seeing more of these attacks.