If your business has been experiencing more phishing, ransomware and malware attacks during the pandemic, you are not alone. Recent data presented by the FBI indicates that such cyber attacks and ransom requests are on the rise. Meanwhile, these attacks are generating massive revenue for the attackers. Citing recently released FBI data, the US Department of the Treasury, through the Office of Foreign Assets Control (“OFAC”), has placed businesses on notice that payment of ransoms to certain cyber attackers could get a company in trouble under U.S. sanctions laws and regulations for helping to finance sanctioned organizations. Sanctions violations carry significant civil and criminal penalties, as well as reputational and other risks. This latest warning therefore highlights a new and significant consideration in ransomware incident response.
A recent advisory issued by OFAC recognizes that certain sanctioned governments and cybercrime organizations are behind many of the recent ransomware attacks. The advisory references several different types of ransomware software used or developed by sanctioned persons, including Cryptolocker, reportedly developed by sanctioned person Evgeniy Mikhailovich Bogachev; SamSam ransomware, allegedly supported by certain sanctioned Iranians; WannaCry 2.0, linked to Lazarus Group, a sanctioned cybercriminal organization allegedly sponsored by North Korea; and Dridex malware, used by sanctioned Russia-based organization Evil Corp.