Ransomware Victims May Now Face Federal Fines

On October 1st, 2020 the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) released an advisory on potential consequences for facilitating payments to groups running ransomware operations.

OFAC's Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments states that victims of ransomware, along with, “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response,” could face fines from the US government for paying, or assisting a company in paying, ransom demands to certain sanctioned groups. OFAC specially calls out several cyber actors designated under its cyber-related sanctions program, including the developer of Cryptolocker, Iranians associated with SamSam, the North Korean sponsored Lazarus Group linked to WannaCry 2.0 and the Russia-based Evil Corp responsible for Dridex.

This appears to be an attempt to both encourage ransomware victims to report incidents to the government and dissuade companies from paying ransoms to groups that have been identified as threats to national security interests. Paying cyber criminals enables them to advance their criminal operations, encourages future attacks and, “fund activities adverse to the national security and foreign policy objectives of the United States.”   

Ransomware victims often meet their attacker’s payment demands since it can be less costly and time-consuming compared to rebuilding their network and attempting to make up for lost business records and data, some of which recovery of is critical to business operations.

The OFAC advisory also states that civil penalties may be imposed based on, “strict liability,” meaning that companies may be held liable for payments made to sanctioned groups or individuals, even if it was unknown that the adversary engaged with had been placed under sanctions. However, OFAC does state that disclosing cyber incidents to law enforcement and cooperating with U.S. agencies in the aftermath would be considered when deciding sanctions related to ransom payments.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at cybersecurity@schneiderdowns.com

In addition, our Incident Response Team is available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

‘Tis the Season – Cybersecurity and Holiday Shopping
Ransomware Attack Disrupts Popular Sports Gambling Sites
Ransomware Victims May Now Face Federal Fines
Schneider Downs Shortlisted for PTC Tech 50 Cybersecurity Award
Cybersecurity Tips from Home Video Series
National Cybersecurity Awareness Month 2020

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222

p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215

p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102