U.S. Treasury Puts Out New Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments



US Treasury Ransomware WarningAn update to the October 2020 advisory, the U.S. Treasury warns companies to mitigate ransomware attacks rather than paying ransoms to threat actors that pose a threat to national security.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has long maintained a Specially Designated Nationals and Blocked Persons List (SDN List) which I wrote about a few months back. The existence of this list automatically made it questionable as to whether organizations should be paying ransoms for foreign nationals. And according to the U.S. Treasury, doing so could put your company in a ton of trouble.

I'm not sure if you noticed, but cybersecurity security training was the number three recommendation on their recommended mitigation list (behind backups and incident response). Training is in front of AV and patching. That's noteworthy.  The latest advisory from the U.S. Treasury makes it far more clear:

“Ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States.”

They also make it very clear that there are consequences should you pay a ransom to someone on the SDN List:

“OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if such person did not know or have reason to know that it was engaging in a transaction that was prohibited under sanctions laws and regulations administered by OFAC.”

Mitigation is always a better choice, as there is no guarantee that you’ll get all of your data back anyway, and you’ll still need to recover affected systems, as you can’t be certain that there is no additional malware providing threat actors access on those same now-decrypted systems.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 21 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Topics: Ransomware

Subscribe To Our Blog


Cybersecurity Awareness Month Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews