Security News > 2020 > October > Treasury Department Warns Ransomware Payment Facilitators of Legal Implications
The U.S. Department of the Treasury this week issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from sending money to sanctioned entities.
The Treasury Department's Office of Foreign Assets Control says there has been a rise in ransomware attacks on U.S. organizations, which has resulted in an increase in the demand for ransomware payments.
The Treasury Department warns, companies that facilitate ransomware payments to cybercriminals on behalf of victims not only encourage future attacks, but also risk violating OFAC regulations.
"OFAC already provides a list of sanctioned entities. Victim organizations are required to check the list prior to paying extortion demands. However, the true identity of the cyber criminals extorting victims is usually not known, so it's difficult for organizations to determine if they are unintentionally violating U.S. Treasury sanctions. Sometimes victims pay threat actors before they are sanctioned. For example, many victims have paid the 'SamSam' ransomware operators in the past, not knowing they were based in Iran at the time," Charles Carmakal, SVP & CTO at FireEye Mandiant, told SecurityWeek.
"In recent months, the individuals involved with the Dridex banking malware have been connected with the WastedLocker ransomware family. Some extortion payment organizations have decided that they would not pay extortion demands associated with WastedLocker incidents out of fear of violating U.S. Treasury sanctions," he added.