Ransomware Payments – OFAC Updates Advisory and Congress Gets Involved – Technology

By Mabel McCaw
October 12, 2021
Foley Hoag LLP

Ransomware payments continue to be a priority for the Office of Foreign Assets Control (“OFAC”) of the US Treasury Department. As previously reported by Foley Hoag, on October 1, 2020, OFAC issued an advisory regarding potential sanctions risks associated with facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance on what OFAC considers mitigating factors if facilitating a ransomware payment results in an apparent violation of US sanctions. In addition, OFAC has, for the first time, added a foreign cryptocurrency exchange (SUEX OTC, SRO) and a number of crypto addresses to its Specially Designated Nationals and Blocked Persons List.

OFAC’s 2021 advisory reinforced the stern warning it gave last year: victims of ransomware attacks (and those who help them) risk violating US sanctions by facilitating ransomware payments if these payments are made to sanctioned entities. The updated advisory then builds on OFAC’s prior warning with an emphasis on three themes: (1) act with caution to protect yourself against attacks; (2) immediately disclose and report an attack to law enforcement; and (3) cooperate with law enforcement and provide details of the attack as quickly as possible. OFAC may impose penalties for sanctions violations on a strict liability basis, and OFAC maintains, as a policy, that license applications to make ransomware payments face a presumption of denial. Thus, OFAC uses its enforcement power to encourage good practices before an attack, and to encourage prompt reporting and cooperation afterwards, as the best way to avoid or mitigate such penalties. We’ve highlighted some of the major updates below:

  • Cautious self-defense – The advisory includes new language that “strongly” discourages the payment of cyber ransoms and instead urges private companies to focus on “strengthening defensive and resilient measures to prevent and protect against ransomware”. As an example of prudent practices, OFAC cites the September 2020 Ransomware Guide from the Cybersecurity and Infrastructure Security Agency (“CISA”).
  • Quick reports – OFAC will treat a complete, self-initiated report of a ransomware attack made to law enforcement as soon as possible as “voluntary self-disclosure and a significant mitigating factor”, even if it is not directly disclosed to OFAC. OFAC encourages victims to report the incident to CISA, their local FBI office, the FBI Internet Crime Complaint Center, or their local U.S. Secret Service office as soon as possible. OFAC also encourages victims to “contact” OFAC if there is a suspected link between sanctions and the attack. Self-reporting may result in “significant mitigation [of penalties]” by OFAC when it determines an appropriate response in the event that a sanctions link is found in relation to a ransomware payment.
  • Timely cooperation – Another “important mitigating factor” that OFAC will consider is a company’s cooperation with law enforcement during and after a ransomware attack, including providing information on technical details, ransom payment demands and ransom payment instructions as soon as possible. OFAC would be more likely to resolve apparent violations with a non-public response, such as a letter of no action or a letter of caution, if these mitigating factors are present.

The US Congress is also getting more and more involved. Various bills have been introduced in the House and Senate, including a bipartisan Senate measure that would require many organizations – including not only critical infrastructure operators, but also nonprofits, businesses with more than 50 employees and state and local government entities – to report ransomware attacks to federal authorities. Much can change about these bills as they move through the legislative process, but as the risks continue to spread, it is clear that this problem will not go away anytime soon.

Foley Hoag has comprehensive resources to help you protect yourself against ransomware attacks, deal with an attack if you fall victim to it, and manage potential penalty risks:

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.
