Ransomware Payments Warning

The U.S. Treasury Department warned that making ransomware payments could violate federal sanctions programs and anti-money laundering regulations. The warnings appeared in two advisories issued by the Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN).

The OFAC advisory focuses on the “sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.” OFAC warns that companies facilitating ransomware payments to cybercriminals encourage future ransomware payments. Importantly, a payment that a business or individual makes could risk violating OFAC regulations.

The FinCEN advisory addresses companies that provide services to victims of ransomware attacks and cyber insurance companies that “facilitate” a ransomware payment. FinCEN warns that a ransomware payment could constitute a money transmission, depending on the facts and circumstances of the transaction.

Online Reliance

The pandemic compelled many companies to have their employees work from home. As a result, these companies rely on remote desktop protocols to conduct business online.

OFAC reported an increase in ransomware payments as cybercriminals target online systems. Over the past several years, OFAC designated “numerous malicious cyber actors under its cyber-related sanctions program and other sanctions programs, including perpetrators of ransomware attacks and those who facilitate ransomware transactions.”

Sophisticated Methods

FinCEN warns of increasing sophistication in ransomware operations. Cybercriminals are deploying schemes that include:

  • Big Game Hunting – targeting larger enterprises to demand larger payouts
  • Criminal Partnerships – sharing resources to enhance the effectiveness of the attacks, which includes ransomware exploit kits with “ready-made malicious codes and tools”
  • Double Extortion – removing sensitive data from targeted networks while encrypting the system files and then demanding a ransom to prevent the data from being published

FinCEN reports that ransomware attacks are a “growing concern” for financial institutions because these institutions play a critical role in the collection of ransom payments. Processing a ransomware payment typically involves a multi-step process that includes a depository institution and at least one money services business (MSB) that processes convertible virtual currency (CVC).

According to FinCEN, cybercriminals often distribute ransomware by using common tactics, such as phishing campaigns and “drive-by” malware attacks. FinCEN advises that the best defense against ransomware is proactive prevention. Effective actions include “cyber hygiene, cybersecurity controls, and business continuity resiliency.”

Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.