Skip to main content

Making Ransomware Payments Can Get You In Legal Trouble

By December 21, 2018June 2nd, 2022Cybersecurity

It’s no secret that ransomware attacks have been on the rise over the last couple of years. Many companies, desperate to get their files back, have resorted to simply paying the ransom and hoping the hackers act in good faith and keep their word where unlocking the files is concerned. That approach just got a lot more complicated, thanks to the OFAC (Office of Foreign Assets Control), which is a part of the Department of the Treasury.

In a recently unsealed grand jury indictment against a pair of Iranian hackers, we’ve learned that in addition to identifying the hackers by name, they’ve also been identified by their specific cryptocurrency wallet address.

Here’s why that matters:

The OFAC has added both hackers to the Specially Designated Nationals and Blocked Persons List. That means that US citizens and businesses are forbidden to do business with or conduct transactions of any kind with them, including sending ransom payments to their cryptocurrency addresses.

Since federal investigators are monitoring those wallets now, any ransom payments sent to them could easily be traced back to the person sending the funds. At that time, the sender would be subject to secondary sanctions and fines that would be far more than whatever the original ransom amount might have been.

Needless to say, this complicates things a great deal for companies hit by ransomware attacks and it makes it all the more important to have a strategy in place to recover your files if you are successfully attacked in this manner.

Failure to do so could be ruinously expensive.  In addition to suffering system downtime (which will cause your company to bleed red ink), and the funds lost paying the ransom, now you’ve got to worry about the federal government.  Not good.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.