U.S. Companies’ Cyber Ransom Payments May Bring Treasury Calling

Sept. 22, 2021, 8:43 PM

Submitting to ransomware demands may trigger enforcement under U.S. sanctions laws and risk fines for companies already beset by a cyberattack.

Guidance from the Treasury Department’s Office of Foreign Assets Control released Tuesday applies to all U.S. companies, including federal contractors and critical infrastructure providers who might be the target of ransomware, as well as financial institutions, cyber risk insurers, and cybersecurity service providers who may be involved in facilitating payments.

Treasury designated SUEX, a cryptocurrency exchange, a sanctioned entity “for its part in facilitating financial transactions for ransomware actors,” according to a statement on Tuesday. As much as 40% ...

To read the full article log in. To learn more about a subscription click here.