In a sharp reversal from prior government guidance, the recent Treasury Department Office of Foreign Assets Control (OFAC) guidance on ransomware payments warns of potential OFAC enforcement actions against organizations that pay ransom demands to sanctioned threat actors or to threat actors who operate from sanctioned jurisdictions. This contrasts with the guidance released by the FBI on October 2, 2019 (ransomware guidance), which appeared to soften the government’s stance on paying ransoms by saying “the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”
A key takeaway from this notice is that victim organizations that self-report to or engage law enforcement are likely to have their enforcement action risk mitigated significantly. Additionally, the notice warns that Digital Forensic and Incident Response (DFIR) consultants (e.g., BW Cyber Services), insurance carriers, and ransom negotiation firms could fall afoul of this guidance if they don’t take appropriate care to understand whom they are helping their customer pay when they act without the guidance and input of law enforcement organizations.
If you are not familiar with ransomware, it is a type of malicious software that encrypts your computer files, photos, music and documents and then demands payment in cryptocurrency (usually Bitcoin) to recover access to the files. The ease with which criminals can procure this software and direct it toward unsuspecting users has resulted in a rapid increase in ransomware. These attacks are simple to conduct because of the proliferation of point-and-click tools sold in the cybercrime underground, which make it extremely simple for anyone to begin extorting money from you. Moreover, the increased sophistication of the phishing emails used to deliver these payloads makes ransomware a criminal’s “perfect storm.”
For more information, or to have BW Cyber Services conduct a non-invasive custom mock phishing attack campaign to train your users, please contact us via e-mail or call 646-779-8976.