US Government Seeks to Sanction Companies that Pay Ransomware Operators

  • Demand for ransomware payments skyrockets during the pandemic period
  • Companies that pay ransomware actors, including cyber insurance firms, will face potential sanctions for their actions
  • Department of the Treasury says ransomware payments benefit illicit actors and can undermine national security

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has warned that companies may face sanctions if they give in to the demands of ransomware operators. That includes entities that carry out negotiations and payments, like cyber insurers.

OFAC says demand for ransomware payments has skyrocketed during the pandemic as cybercriminals target vulnerable online systems, including remote workers.

“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations,” according to an OFAC advisory.

The reasoning OFAC cites for the decision is the same logic cited by US authorities in countless such notices over the years: “ransomware payments benefit illicit actors and can undermine the national security and foreign policy objectives of the United States.”

And there’s a good reason for the OFAC to stand behind its claims. In August 2019, ProPublica ran a piece drawing attention to cyber insurers who encourage their clients to pay cyber criminals through their insurance as a more comfortable and cheaper way out of the conundrum associated with a ransomware attack. As the author of the piece put it, “the attacks are good for business.”

Sometimes, however, victims resort to paying to protect their customers – in the case of University Hospital New Jersey in Newark, to protect patients from having their information leaked online. The hospital reportedly paid a $670,000 ransom to prevent the publishing of 240 GB of stolen data.

“OFAC has designated numerous malicious cyber actors under its cyber-related sanctions program and other sanctions programs, including perpetrators of ransomware attacks and those who facilitate ransomware transactions,” the advisory continues.

“OFAC has imposed, and will continue to impose, sanctions on these actors and others who materially assist, sponsor, or provide financial, material, or technological support for these activities,” the agency adds.

Earlier this year, cyber insurer Coalition surveyed a sample of 25,000 small to mid-size organizations and found that ransomware was the top cyber insurance claim in the first half of 2020, with the average ransomware demand doubling from 2019 through Q1 2020. The company said losses from these types of attacks ranged from the low thousands to well above $1 million per event.