Victims of ransomware schemes and financial institutions could violate sanctions or anti-money-laundering rules—and face stiff penalties—if they facilitate or make payments to attackers, the U.S. Treasury Department said in a pair of advisories Thursday. The notices, issued by units of Treasury’s Office of Terrorism and Financial Intelligence, warned victims and businesses that assist them to be particularly wary of making ransomware payments to blacklisted individuals and entities, including hacker groups in countries such as Iran, North Korea and Russia.
More information: https://www.wsj.
Many years ago, in Italy, there were many kidnappings by organised crime groups of the wealthy and affluent families. They would request large sums of money in exchange to return the victim\’s loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organised crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay. At first, the crime groups called the bluff of the families who couldn\’t pay and killed the family member. However, after a short while, the organised crime groups realised they couldn\’t pay, and quickly, the kidnapping and ransoms came to an end.
There is a ransomware attack on average every fourteen seconds in the U.S., and it doesn\’t appear to be slowing down.
The U.S. Treasury Department has delivered sanctions against various cybercriminal organisations where no U.S. organisations can conduct transactions with the group. Even if the organisation wishes to pay the ransom, they would have to collaborate with the U.S. Treasury, FBI, and other government agencies to send the funds.
The U.S. government\’s recommendation of not paying comes with a similar notion of not negotiating with terrorists and never paying the ransom when involved with kidnappings and thus, the anticipated action of reducing ransomware attacks.
To protect themselves, organisations should train their employees to spot social engineering attacks such as phishing emails and report them to the necessary people quickly to remediate any risk of further attacks.