US Treasury Warns of Sanctions Violations for Paying Ransomware Attackers
A new government advisory warns against paying ransomware demands to cybercriminals as it may be illegal under US Treasury sanctions against certain threat actor groups. The advisory came as a surprise to cybersecurity professionals and will likely cause complications in the future for businesses hit by ransomware attacks. The Treasury’s Office of Foreign Assets Control stated that by paying off ransomware demands, businesses are paying off cybercriminals, which is illegal under OFAC regulations.
Although law enforcement officials and experts frequently advise entities hit by ransomware not to pay demands, many victims will end up transferring funds anyways if they do not have protected backups of files encrypted by the ransomware. The advisory also notes that money from ransomware demands could be used to fund criminal activity and activities adverse to national security and foreign policy objectives, as well as emboldening cybercriminals to engage in future attacks.