Paying ransomware demands may breach international sanctions, US Treasury warns
Advisories warn that it's illegal to engage with entities inside countries under economic sanctions


Companies that agree to hand over cash to hackers to free their systems from ransomware may face prosecution or penalties, the US Treasury said on Thursday.
Advisories from both the Treasury's Office of Foreign Assets Control (OFAC) and its Financial Crimes Enforcement Network (FinCEN) have warned that many hacker groups are believed to be operating from countries under economic sanctions, as reported by Reuters.
Any companies engaging with groups inside these countries could be in breach of these sanctions, the advisories warned, even in those cases where the company was unaware of the hackers' location.
The OFAC's advisory cited cyber attacks that were linked to hacking groups from North Korea and Russia, which are both nations sanctioned by the US. The US government often imposes economic and trade sanctions on countries that it deems sponsors terrorism or that violate human rights.
These latest warnings from the OFAC and FinCEN show an intent to regulate a rapidly growing market of companies who help organisations pay off hackers, such as cyber insurance firms or security consultancies.
The Enforcement Network's advisory also warned that cyber security firms may need to register as 'money services' if they help make these ransomware payments. This would place a new requirement on a section of the cyber security industry that is rapidly growing.
An affected company's decision to pay a ransom is not necessarily illegal, though it is usually ill advised. A 2019 survey from AT&T Cybersecurity revealed that 40% of IT security professionals believe that there should be a law preventing firms from paying ransoms. The argument often centres on the problem of there being no guarantee that the hackers will fulfil their end of the bargain and return stolen data.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.
-
New chapter, same partners: Keeping the channel aligned with change
Industry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
Palo Alto Networks snaps up CyberArk in identity security push
News The acquisition marks the latest in a string for Palo Alto Networks
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employees
News The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making