Treasury Department Issues Ransomware Advisories to Increase Awareness and Thwart Attacks
The U.S. Department of the Treasury today issued a pair of advisories to assist U.S. individuals and businesses in efforts to combat ransomware scams and attacks, which continue to increase in size and scope. The Financial Crimes Enforcement Network (FinCEN) advisory, entitled Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, provides information on the role of financial intermediaries in payments, ransomware trends and typologies, and related financial red flags. It also provides information on effectively reporting and sharing information related to ransomware attacks. The Office of Foreign Assets Control (OFAC) advisory, entitled Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, highlights the sanctions risks associated with facilitating ransomware payments on behalf of victims targeted by malicious cyber-enabled activities.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing an advisory to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments. This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. It identifies U.S. government resources for reporting ransomware attacks and provides information on the factors OFAC generally considers when determining an appropriate enforcement response to an apparent violation, such as the existence, nature, and adequacy of a sanctions compliance program. The advisory also encourages financial institutions and other companies that engage with victims of ransomware attacks to report such attacks to and fully cooperate with law enforcement, as these will be considered significant mitigating factors.