Paying Ransomware Demands May Violate Sanctions, US Treasury Warns

US officials have issued a stark warning to financial institutions and insurers who have paid hackers following cyberattacks.

In recent years – despite clear advice from security professionals – there has been a spate of payouts to cybercriminals following ransomware attacks, as well as payouts to stop hackers targeting particular businesses, or for them to delete sensitive data stolen in an attack.

But now the US Treasury Department has officially warned insurers, and anyone else paying these online criminals, that they could well be violating US sanctions rules, Reuters reported.

Sanction warning

The warnings came in advisories from the US Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN).

It specifically mentions ransomware, which typically cripples a victim's computer network by infecting and encrypting it, and demands a ransom (typically paid in cryptocurrency) in return for the decryption key needed to unlock the systems.

OFAC reportedly cited cyberattacks dating back to 2015 that were traced to hackers in North Korea and Russia, both of which are subject to US sanctions.

FinCEN has also issued a warning to the growing industry of forensics firms that help organisations respond to cyberattacks, including by processing the ransom payment.

The United States can impose economic and trade sanctions on countries that sponsor terrorism or violate human rights, Reuters reported.

This means that financial institutions that engage with those countries, or with sanctioned individuals, can face prosecution and penalties.

Hacker payouts

And there is a very good reason the US Treasury’s Office has issued these warnings, in light of the current circumstances.

Recent ransomware attacks have targeted hospitals with devastating effects (including deaths), but these attacks have also crippled factories, companies, and even whole cities.

In the US alone, 764 healthcare providers were hit by ransomware last year, according to data compiled by Emsisoft.

And despite advice against it, some of these institutions opt to pay the hackers.

In July for example, fitness and navigation specialist Garmin admitted that it was the victim of a ransomware attack, after first reporting an “outage”.

Media reports at the time suggested Garmin had “obtained the decryption key” to recover its computer files, but the firm “did not directly make a payment to the hackers.”

This suggested that Garmin may have made a payment via a third party, but if that is the case, the company risked violating US Treasury sanctions against the Russian hacking group Evil Corp.

In June this year, the city of Keizer (in Oregon) reportedly paid a ransom of $48,000 to regain control of its computer system after a ransomware attack.

In January of this year, a ransom of $300,000 was paid by Tillamook County (in Oregon) to recover systems following a ransomware attack.

Last year Lake City (in Florida) opted to pay hackers after a ransomware attack. It paid a staggering $500,000 (£394,000), most of which was covered by an insurance policy.

Another city – Riviera Beach City (also in Florida) – also voted unanimously in 2019 to pay $600,000 to hackers who had taken over its computer systems via a ransomware attack.

US warning

But will the clear warning from the US Treasury’s Office actually halt these payouts to hackers?

Well, it will add another layer of concern for cyber insurers, who have been ramping up rates and trying to curb exposure to vulnerable customers because of surging costly ransomware claims in recent years, Reuters reported.

The average ransomware payment reportedly jumped by 60 percent to $178,254 between the first and second quarters, according to Coveware (a firm that reportedly helps negotiate and facilitate cyber ransom payments).

Sophisticated insurers and financial institutions are already aware of the sanctions concern, Sumon Dantiki, a King & Spalding LLC lawyer who advises on national security and cyber matters, told Reuters.

“Will victims who are insured still decide to make the payments?” Dantiki said. “This type of public advisory could affect the calculus there.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
