By Raphael Satter
WASHINGTON (Reuters) – Facilitating ransomware payments to sanctioned hackers may be illegal, the U.S. Treasury said on Thursday, signaling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.
In a pair of advisories, the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to U.S. sanctions.
Ransomware works by encrypting computers, holding a company’s data hostage until a payment is made. Organizations have often ponied up ransoms to liberate their data.
“It is a game changer,” said Alon Gal, chief technology officer of Hudson Rock, which works to head off ransomware attacks before they happen.
Before, companies could decide whether or not to pay cybercriminals off, he said. Now that those decisions are being brought under government oversight, “we are going to see a much tougher handling of these incidents.”
The Enforcement Network’s advisory also warned that cybersecurity firms may need to register as money services businesses if they help make ransomware payments. That would impose a new reporting requirement on a previously little-regulated corner of the cybersecurity industry.
Ransomware has become an increasingly visible threat in the United States and abroad. Cybercriminals have long used the software to loot their victims. Some countries, notably North Korea, are also accused of deploying ransomware to earn cash.
(Reporting by Raphael Satter; Editing by Chizu Nomiyama and Richard Chang)