Tag Archive for: OFAC

OFAC Targets Virtual Currency Exchange for Allegedly Facilitating Ransomware Attack | Ballard Spahr LLP


First Post in a Two-Part Series on Recent OFAC Designations

On September 21, 2021, OFAC issued its first sanctions designation against a virtual currency exchange, SUEX OTC, S.R.O. (SUEX), “for its part in facilitating financial transactions for ransomware variants.” Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation. The Updated Advisory illustrates a “Catch-22” scenario: a victim that halts a ransomware attack by making the demanded payment may then find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus. The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.

OFAC has been busy.  Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation:  OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force.  This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.

The Blacklisting of SUEX

According to OFAC, over 40% of SUEX’s known transaction history is associated with illicit actors.  As a result, SUEX is prohibited from transacting with U.S. persons or transacting within the United States, and financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.  OFAC issued the designation pursuant to Executive Order (E.O.) 13694, entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious…


OFAC Imposes New Sanctions To Thwart Ransomware – Technology


On September 21, 2021, the US Treasury Department’s Office of Foreign Assets Control (“OFAC”) levied its first sanctions against a Russian-operated virtual currency exchange involved in ransomware payments and published an updated advisory on sanctions risks for ransomware payments. At the same time, Deputy Secretary of the Treasury Wally Adeyemo was careful to underscore that “the vast majority of activity that’s happening in the virtual currencies is legitimate activity.” The actions form part of what the Treasury Department described as a whole-of-government effort targeting ransomware networks and certain foreign virtual currency exchanges – those that are either illicit or operate at the edges of legality – that support them. In a ransomware attack, a cyber actor uses malware to encrypt the data on a victim’s computer system and only decrypts it if the victim pays a ransom, usually in cryptocurrency.

OFAC targeted only one Russian-operated virtual currency exchange, but its action signals a broader focus on intermediary parties that launder ransom payments or otherwise facilitate ransomware attacks. The September 21, 2021 advisory (the “Updated Advisory”) expands on the guidance provided in its October 2020 predecessor about OFAC’s expectations of how victims and others should act before, during, and after an attack. All companies, especially those in industries such as financial services that are often targeted by ransomware attacks, and the cybersecurity firms that help victims manage attacks, should review the Updated Advisory and incorporate its guidance into their ransomware planning.

New Sanctions and Updated Advisory on Cryptocurrency

US companies are generally prohibited from engaging in any financial transactions with persons identified on OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List, and with those located in certain sanctioned countries or territories, including Cuba, Iran, and the Crimea region of Ukraine. Non-US companies may also violate US sanctions if they cause a US person to violate the sanctions prohibitions. And, as OFAC indicates in the Updated Advisory, a ransomware payment made…


OFAC Regulatory Crackdown on Ransomware Attacks


Ransomware is a Serious and Growing Problem

In recent years, Ransomware has evolved from merely encrypting files or disabling networks in solicitation of ransom to sophisticated attacks that often involve actual data access, theft and, sometimes, the threat of publication. These sophisticated malware attacks frequently destroy backups and give criminals even more leverage over their victims, coercing them to pay ransoms. Ransomware does not just target businesses – it is often used to attack hospitals, research institutions, and other public services that are especially critical during this global pandemic.

It is increasingly common for Ransomware attacks to be associated with large, sophisticated cyber-criminal organizations, with a central entity providing the tools, training, and ability to collect ransoms and sending its “associates” out to cause harm. As long as victims continue to pay ransoms, Ransomware is able to expand. Ransomware is also being adapted for new criminal purposes. Increasingly, hackers associated with countries like Iran and North Korea are using Ransomware to generate an influx of cash into their economic streams and bypass economic sanctions. Faced with an urgent need to stop the spread of Ransomware, law enforcement is now moving past its old strategy of strongly discouraging victims from paying ransoms. Regulatory agencies – such as OFAC and the SEC – are implementing regulations to prevent victims from paying ransom to buy their way out of a Ransomware attack. These regulations arm law enforcement with a new enforcement mechanism, allowing them to punish companies that choose to pay ransom in the face of a Ransomware attack. Accordingly, they signal a new area of regulatory enforcement that will likely become the government’s most powerful tool to curb the spread of Ransomware.

Regulatory Changes to Combat Ransomware

In the absence of evidence of data access or exfiltration, a Ransomware incident may not be considered a breach, and therefore, may fall outside any reporting requirements for cyber-incidents. …
