On October 1, 2020, the US Department of the Treasury issued two advisories in an effort to help US individuals and businesses address growing concerns related to ransomware scans and attacks. According to the Federal Bureau of Investigation, there was a 37 percent annual increase in ransomware cases and a 147 percent annual increase in associated losses reported between 2018 and 2019, with demands for ransomware payments increasing even more during the COVID-19 pandemic. The Financial Crimes Enforcement Network issued an advisory entitled, Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, providing information on the roles that financial intermediaries play in the processing of ransomware payments, trends and typologies of ransomware and payments, financial red flag indicators, and the importance of reporting and sharing information related to ransomware attacks.
The Office of Foreign Assets Control also issued an advisory entitled, Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, that highlights the potential risks involved in making ransomware payments to sanctioned cyber actors, a practice that not only encourages future ransomware demands but also exposes otherwise blameless US persons and businesses to sanctions themselves. The advisory encourages ransomware victims or anyone who works to assist victims to contact OFAC or FinCEN if they suspect a payment may involve a sanctions nexus, or the Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP), if a ransomware attack involves a US financial institution or has the potential to cause significant disruption to a company’s ability to perform critical financial services.
Department of Treasury Press Release |FinCEN Advisory | OFAC Advisory