New Advisories on Ransomware Payments Reviewed by Momizat on . The Dark Web Criminals Both the Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) have The Dark Web Criminals Both the Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) have Rating: 0
You Are Here: Home » Financial Forensics » New Advisories on Ransomware Payments

New Advisories on Ransomware Payments

The Dark Web Criminals

Both the Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) have issued recent advisories concerning ransomware payments. This article provides an overview of those advisories.

New Advisories on Ransomware Payments: The Dark Web Criminals

Both the Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) have issued recent advisories concerning ransomware payments.[1]

Ransomware attacks occur when a cyber actor uses malicious software (“malware”) to block access to a computer network or data, and offers to restore access in exchange for payment of ransom. Ransom is generally demanded in the form of some type of cryptocurrency, such as Bitcoin, Ethereum, or Monero, as they lend a level of anonymity desired by criminals that fiat currencies do not provide.

As potential victims of ransomware attacks have become more vigilant about making sure they have data backups that will allow them to mitigate the risk of an attack, the cyber actors have become more sophisticated in their schemes, and many now threaten to dox their victims, or release sensitive data to the public, if the ransom is not paid.

FinCEN and OFAC are warning against the facilitation of ransomware payments, not only because it encourages future ransomware payment demands, but doing so may cause you to unwittingly run afoul of national security objectives and financial regulations.

Businesses such as digital forensics and incident response (DFIR) companies and cyber insurance companies (CIC) may assist clients in making ransomware payments by receiving and converting their clients’ fiat currencies into the cryptocurrencies generally demanded by ransomware attackers and transferring the ransom to the attackers’ specified accounts. Depending on the circumstances, engagement in such activity may constitute money services business activities. An entity involved in such activities is required to register as a Money Services Business with FinCEN and comply with Bank Secrecy Act (BSA) obligations, including filing suspicious activity reports (SAR).

OFAC has designated several individuals and organizations associated with cybercrimes under its cyber-related sanctions program and other sanctions programs. Facilitating ransomware payments to one of these designees may assist the advancement of, and enable them to profit from, their nefarious activities, undermining the national security and foreign policy objectives of the United States, and violating OFAC’s Economic Sanctions Enforcement Guidelines. Additionally, if these cybercriminals are listed on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), are other blocked persons, or are covered by comprehensive country or region embargoes, U.S. persons are generally prohibited from engaging in direct or indirect transactions with them under the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA).

Should you fall victim to a ransomware attack and decide there is no other remedy but to pay the ransom, be aware that there may be national security and financial regulatory implications to this course of action, and it is not just about getting your data back. Financial institutions and other money services businesses are being advised by OFAC and FinCEN to look for red flag indicators of ransomware and associated illicit payments.

If you are working with a DFIR or CIC to resolve the situation, ask how they are keeping on the right side of OFAC and FinCen requirements, so your efforts to retrieve your data assets do not result in much bigger problems with the U.S. government.

This article was previously published by SobelCo, October 21, 2020, and is republished here by permission.

[1] https://www.fincen.gov/sites/default/files/advisory/2020-10-01/Advisory%20Ransomware%20FINAL%20508.pdf

https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf


Rebecca Fitzhugh, CPA, CFF, CFE, MBA, CIT, CIGA, is a Member of SobelCo serving in the Forensic & Valuation Services practice area and has more than 20 years of experience in forensic accounting, litigation services, and public accounting.

Ms. Fitzhugh can be contacted at (973) 994-9494, x162 or by e-mail to Rebecca.Fitzhugh@SobelCoLLC.com.

The National Association of Certified Valuators and Analysts (NACVA) supports the users of business and intangible asset valuation services and financial forensic services, including damages determinations of all kinds and fraud detection and prevention, by training and certifying financial professionals in these disciplines.

Number of Entries : 2611

©2024 NACVA and the Consultants' Training Institute • Toll-Free (800) 677-2009 • 1218 East 7800 South, Suite 301, Sandy, UT 84094 USA

event themes - theme rewards

Scroll to top
G-MZGY5C5SX1
lw