New U.S. Government Sanctions on Facilitating Ransomware Payments

November 25, 2020

There has been a significant uptick in ransomware attacks during the COVID-19 pandemic. This malicious software is designed to block access to systems or data in an effort to extort ransom payments. Ransomware has been affecting businesses around the world for years, causing downtime, data loss, data breaches, and intellectual property theft.

Cybercriminals have continued to evolve their techniques this year, and there has been a significant rise in ransomware targeting online systems that Americans rely on to conduct business. COVID-19 pandemic-themed ransomware usually gets installed on a workstation using a “social engineering attack” – where a person is tricked into clicking on a phishing link or opening an attachment (KnowBe4). In response to this growing security threat, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory on potential sanctions risks for facilitating ransomware payments.

That means that it is now illegal to be the party who distributes ransomware payments – even to get your own data back.

The reason for this advisory is that companies that facilitate ransomware payments on behalf of victims encourage future ransomware payment demands and fund illicit activities that impact national security. Paying a ransom also does not guarantee that the victim will regain access to its stolen data.

OFAC has imposed sanctions on malicious cybercriminals and others who materially assist, sponsor, or provide financial, material, or technological support for these activities. For any company that violates this sanction, OFAC may impose civil penalties based on strict liability. That means that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC. OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. economic sanctions, including the factors that OFAC generally considers when determining an appropriate response to an apparent violation.

Does This Advisory Impact my Business?

The big question is, how does this advisory impact you? As a business operating in the United States, ransomware is the number one security risk to your organization. According to KnowBe4, there are currently tens of thousands of ransomware victims, including school districts, police departments, and entire cities. More than half of these organizations, from large enterprises to SMBs, end up paying the ransom.

To reinforce the importance of this security advisory, let’s evaluate your decision based on the BANT ideology, one of the most well-known sales qualification techniques used to determine the right customer-to-business fit.

  • B- Budget
    If you’re currently in business, you need to stay in business and cannot afford downtime, especially downtime caused by a ransomware attack.
  • A- Authority
    As an MSP and trusted IT provider, we recommend getting this in front of your stakeholders, clients, and partners as soon as possible.
  • N- Need
    This is no longer a “what if” or “it won’t happen to me, and I’ll deal with it if it does” situation – this is now an official need.
  • T- Timing
    It’s now. No one wants to be on a criminal list for trying to get their data back, and no MSP wants to be left holding the legal liability with their clients.

As a general matter, OFAC encourages financial institutions and other companies to implement a “risk-based compliance program” to mitigate exposure to sanctions-related violations. This also applies to companies that engage with victims of ransomware attacks, such as those involved in providing cyber insurance, digital forensics and incident response, and financial services that may involve processing ransom payments (including depository institutions and money services businesses).

Business Continuity and Disaster Recovery (BCDR) Planning

As ransomware attacks continue to rise and can now have an even bigger impact on your operations with these new sanctions, it’s important to get serious about prevention. The best way to prevent a ransomware attack is to have an up-to-date Business Continuity and Disaster Recovery (BCDR) strategy in place.

A BCDR plan is a set of processes used to help your business recover as quickly as possible in the face of a disaster, like a ransomware attack. This security plan integrates both business continuity and disaster recovery to ensure that all areas of your business are covered, and your data is protected.

  • Business continuity involves designing and creating corporate policies and procedures that ensure your core business functions are available during and after an attack.
  • Disaster recovery is how your IT department responds during the attack, which includes server and network restoration, data backups, etc.

Having a proper BCDR plan in place enables businesses to minimize both the downtime and the disruption cost. If you need help revising your BCDR strategy or have any questions about creating one, Tigunia can help. We have a talented team of IT and data security experts ready to protect your data, systems, and applications from any threat. With extensive knowledge in disaster recovery and business continuity planning, we have the tools and software to help you reduce the risk of a ransomware attack and fully restore your systems quickly and affordably.

Contact Information for Relevant Government Agencies

OFAC encourages victims and those involved with addressing ransomware attacks to contact OFAC immediately if they believe a request for a ransomware payment may involve a sanctions nexus. Victims should also contact the U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection if an attack involves a U.S. financial institution or may cause significant disruption to a firm’s ability to perform critical financial services.

  • U.S. Department of the Treasury’s Office of Foreign Assets Control
    • Sanctions Compliance and Evaluation Division: (202) 622-2490 / (800) 540-6322
    • Licensing Division: (202) 622-248
  • U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP)
    • (202) 622-3000
  • Financial Crimes Enforcement Network (FinCEN)
    • FinCEN Regulatory Support Section:
  • Federal Bureau of Investigation Cyber Task Force
  • U.S. Secret Service Cyber Fraud Task Force
  • Cybersecurity and Infrastructure Security Agency
  • Homeland Security Investigations Field Office