Risk Management

Firms may be punished for paying ransoms to sanctioned hackers

October 01, 2020 Reprints

Cyber Risks Emerging Risks Technology Asia-Pacific & Australasia More + Less -

(Reuters) — Facilitating ransomware payments to sanctioned hackers may be illegal, the U.S. Treasury said on Thursday, signaling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.

In a pair of advisories, the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to U.S. sanctions.

Ransomware works by encrypting computers, holding a company’s data hostage until a payment is made. Organizations have often ponied up ransoms to liberate their data.

“It is a game-changer,” said Alon Gal, chief technology officer of Hudson Rock, which works to head off ransomware attacks before they happen.

Before, companies could decide whether to pay cybercriminals off, he said. Now that those decisions are being brought under government oversight “we are going to see a much tougher handling of these incidents.”

The Enforcement Network’s advisory also warned that cybersecurity firms may need to register as money services businesses if they help make ransomware payments. That would impose a new reporting requirement on a previously little-regulated corner of the cybersecurity industry.

Ransomware has become an increasingly visible threat in the United States and abroad. Cybercriminals have long used the software to loot their victims. Some countries, notably North Korea, are also accused of deploying ransomware to earn cash.