Victims of ransomware attacks could potentially receive civil penalties for making ransom payments to a growing list of threat actors.

On October 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) revealed that it could choose to impose civil penalties on ransomware victims who make ransom payments to malicious actors whom it has designated under its cyber-related sanctions program.

Those actors include Evgeniy Mikhailovich Bogachev, the creator of Cryptolocker; two Iranians who helped provide material support to the SamSam crypto-malware operation; the Lazarus Group along with two sub-groups, Bluenoroff and Andariel, for having developed WannaCry 2.0; as well as Evil Corp and its leader, Maksim Yakubets, for having created the Dridex malware family.

In an advisory, OFAC explained that it added these ransomware actors to its sanctions list with the understanding that ransomware payments to these individuals could threat U.S. national security:

Facilitating a ransomware payment that is demanded as a result of malicious cyber activities may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims. For example, ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber actors to engage in future attacks. In addition, paying a ransom to cyber actors does not guarantee that the victim will regain access to its stolen data.

Subsequently, the Office for the U.S. Treasury Department said that those who submit ransomware payments to these and other actors could violate its sanctions as well as come into conflict with both the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA).

OFAC specifically said that it (Read more...)