About Us | Contact Us
View Cart

US Treasury Warns Against Paying Ransomware Gangs

By Vigilize | Wednesday, October 21, 2020 - Leave a Comment

Ransomware payments sent to countries under sanctions could result in fines…


An article review.


Whether or not to pay the organization behind a ransomware attack has been a hotly debated subject for many years, but a new advisory issued by the Treasury Department’s Office of Foreign Assets Control (OFAC) warns those who do pay up may have to pay again…in the form of fines.

An article submitted by our friend Wes Pollard explains the OFAC advisory, which states that ransom payments made to organizations in countries such as Cuba, Syria, Iran and North Korea violate US law, and those who facilitate such payments (such as cybersecurity firms and insurance companies) can be held liable.

The OFAC goes on to warn that organizations who make such payments are not off the hook even if they did not realize where the ransom payments were going, or that making such a payment violated the law.  Considering the fact that most ransomware payments are made without knowing who the recipient really is–usually via some form of cryptocurrency–that means any ransom payment could potentially open an organization up to scrutiny by the US Treasury.

Given this new warning it is even more important to know your insurance company’s policies on ransomware attacks and who makes the final call on issuing a payment, as it is a decision that could prove to be even more costly in the long run.


Original article by Sarah Coble writing for Infosecurity Magazine.


same_strip_012513


 

Latest News
      Alternatives From 2020 Conferences The 2020 Update Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Each year as we go to various conferences throughout the Midwest ranging in scope; from small banker conferences that Dan himself moderates, to hacker conferences like Defcon.  We […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office.  
    The IBA Presents an infotex Workshop: Tech-Shop (A Virtual Workshop for Banks IT Geeks) Live Workshop Time for a workshop for the technical side of the community-bank. Time for a workshop full of command lines and configurations, acronyms we are forbidden to use around management, and even dark-web jokes. Time for a workshop where we […]
    An Analogy… …About Taking Better Notes Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . An interesting set of metaphors arose out of our efforts to improve our time management practices at infotex.  In the spirit of sound strategic planning, we as a team decided […]
    A Webinar-Movie In our current world of uncertainty there is at least one thing that is certain. Business needs to continue, and that means that it is important for managers to be able to meet with their team even if everyone is working remotely at this point. In this Webinar-Movie, Dan will compare virtual meeting […]