Treasury Department warns against paying hackers involved in ransomware attacks

The Treasury Department on Thursday issued two adversaries highlighting the dangers of ransomware cyberattacks, and warning against paying ransoms demanded by hackers. 

Both the agency’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCIN) issued alerts around ransomware attacks, which have been increasingly widespread over the past two years and have ramped up during the COVID-19 crisis. 

“Cybercriminals have deployed ransomware attacks against our schools, hospitals, and businesses of all sizes,” Deputy Treasury Secretary Justin Muzinich said in a statement. “Treasury will continue to use its powerful tools to counter these malicious cyber actors and their facilitators.”

OFAC warned that paying a ransom demanded by hackers in order to gain back access to encrypted systems could lead to federal repercussions. 

“Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business,” OFAC wrote in its advisory. “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”

FinCEN issued a second advisory to provide information on various types of ransomware attacks, red flag indicators of attack, and how to report and share information if attacked. 

FinCEN noted in the advisory that “ransomware attacks are a growing concern for the financial sector because of the critical role financial institutions play in the collection of ransom payments.”

Ransomware attacks have become one of the leading cybersecurity concerns in the nation, with ransomware attacks temporarily disabling city systems in Atlanta, Baltimore, and New Orleans over the past two years, along with increasingly targeting local governments and schools across the nation. 

Charles Carmakal, senior vice president and chief technology officer at cybersecurity group FireEye’s Mandiant Solutions, told The Hill in a statement that while he saw OFAC’s advisory as “well-intentioned,” but noted that “it will certainly add more pressure and complexity to victim organizations already challenged recovering after a security incident.”

“OFAC already provides a list of sanctioned entities,” Carmakal said. “Victim organizations are required to check the list prior to paying extortion demands. However, the true identity of the cyber criminals extorting victims is usually not known, so it’s difficult for organizations to determine if they are unintentionally violating U.S. Treasury sanctions.”

Both the alerts were issued on the first day of National Cybersecurity Awareness Month, which takes place each October, with President Trump issuing a proclamation detailing his cybersecurity concerns on Thursday. 

“During National Cybersecurity Awareness Month, we recommit to ensuring our Nation’s cybersecurity, and we raise awareness of the responsibility all Americans have to protect their Internet-connected devices, technology, and networks from cyber threats at work, home, and school,” Trump wrote in the proclamation.