Ransomware remains a very prominent problem, and one with some unforeseen consequences. American companies paying the ransom may face a face of up to $20 million. This applies to paying extortionists already on the financial crime sanctions list.
A new Spin on Ransomware Attacks
Paying the ransom demanded by criminals is never a viable option. There is absolutely no reason for doing so, even if data is lost in the process. Anyone effectively ponying up the money – if they reside in the US – may face additional legal consequences for doing so.
According to the US Treasury Department, a ransomware attack is no excuse to find sanctioned countries. More specifically, if a criminal resides on the financial crime sanctions list, and they receive a ransomware payment, the ones paying will be fined for up to $20 million.
This does not just apply to the company or individual making the payment. Such a fine can be levied against financial institutions, cyber insurance providers, and companies engaged in digital forensics and incident response. Having ransomware insurance is no excuse to simply pay the money without repercussions.
Violating OFAC regulations is rarely mentioned in the same breath as cyber attacks. Given the ongoing increase of ransomware threats made against US companies and organizations, some action needs to be taken. Levying fines is a logical next step, as that sends a strong message to everyone involved.
Even during COVID-19, the number of cyber attacks keeps increasing. Most perpetrators can be tied to sanctioned countries, including Russia, North Korea, and so forth. Particularly Lazarus Group and Evil Corp. have shown a keen interest in targeting US corporations.
Licensing Requirements to Avoid Fees
What is interesting is how the US Treasury Department offers a solution. Anyone who receives a special dispensation or a license can avoid this fine altogether. Obtaining such approval may prove difficult, though, as it allows for making payments to sanctioned cybercrime organizations. Not an area to explore all too frequently.
Enabling criminals to obtain money from victims without repercussions isn’t acceptable either. Punishing the ones paying the ransom will face some criticism. At the same time, most companies can avoid ransomware by stepping up their cybersecurity. A fair few of them refuse to do so, or delay this move as long as possible. A $20 million fine will make several US firms rethink their approach, hopefully.
Looking to advertise? We will gladly help spread the word about your project, company, or service. CryptoMode produces high quality content for cryptocurrency companies. We have provided brand exposure for dozens of companies to date, and you can be one of them. All of our clients appreciate our value/pricing ratio. Contact us if you have any questions: [email protected]