US advisory meant to clarify ransomware payments only spotlights widespread uncertainty
If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite. The Oct. 1 advisory from the Office of Foreign Assets Control warned that paying or helping to pay ransoms to anyone on its cyber sanctions list could incur civil penalties. Across some of the industries mentioned in the advisory — like cybersecurity incident response firms and insurance providers — reactions have ranged from confusion to silence, from yawns to raised eyebrows, from praise to fear of a blizzard of potentially unintended consequences. The worst case scenarios involve ransomware victims in the health sector having to make a life-or-death decision on whether to pay to unlock their systems while at risk of incurring Treasury’s wrath, or situations where victims try even harder to keep attacks quiet to avoid OFAC fines, which sometimes total millions […]
The post US advisory meant to clarify ransomware payments only spotlights widespread uncertainty appeared first on CyberScoop.