Anyone in the US Facilitating Ransomware Payments Faces a $20 Million Fine

CryptoMode CyrusOne Ransomware Maze No More Ransom

Ransomware remains a very prominent problem, and one with some unforeseen consequences. American companies paying the ransom may face a face of up to $20 million. This applies to paying extortionists already on the financial crime sanctions list. 

A new Spin on Ransomware Attacks

Paying the ransom demanded by criminals is never a viable option. There is absolutely no reason for doing so, even if data is lost in the process. Anyone effectively ponying up the money – if they reside in the US – may face additional legal consequences for doing so.

According to the US Treasury Department, a ransomware attack is no excuse to find sanctioned countries. More specifically, if a criminal resides on the financial crime sanctions list, and they receive a ransomware payment, the ones paying will be fined for up to $20 million.

This does not just apply to the company or individual making the payment. Such a fine can be levied against financial institutions, cyber insurance providers, and companies engaged in digital forensics and incident response. Having ransomware insurance is no excuse to simply pay the money without repercussions.

Violating OFAC regulations is rarely mentioned in the same breath as cyber attacks. Given the ongoing increase of ransomware threats made against US companies and organizations, some action needs to be taken. Levying fines is a logical next step, as that sends a strong message to everyone involved.

Even during COVID-19, the number of cyber attacks keeps increasing. Most perpetrators can be tied to sanctioned countries, including Russia, North Korea, and so forth. Particularly Lazarus Group and Evil Corp. have shown a keen interest in targeting US corporations. 

Licensing Requirements to Avoid Fees

What is interesting is how the US Treasury Department offers a solution. Anyone who receives a special dispensation or a license can avoid this fine altogether. Obtaining such approval may prove difficult, though, as it allows for making payments to sanctioned cybercrime organizations. Not an area to explore all too frequently. 

Enabling criminals to obtain money from victims without repercussions isn’t acceptable either. Punishing the ones paying the ransom will face some criticism. At the same time, most companies can avoid ransomware by stepping up their cybersecurity. A fair few of them refuse to do so, or delay this move as long as possible. A $20 million fine will make several US firms rethink their approach, hopefully. 

None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.