U.S. Treasury warns cyber insurers against paying ransomware demands
Monday, 10 05 2020, Category: Technology, Country: United States
The U.S. Treasury Department is warning that individuals or businesses that help facilitate ransomware payments may be violating anti-money laundering and sanctions regulations.
The warnings came in a pair of advisories, one from the Financial Crimes Enforcement Network (FinCEN) and the other from the Office of Foreign Assets Control (OFAC).
“Cybercriminals have deployed ransomware attacks against our schools, hospitals, and businesses of all sizes,” said Deputy Secretary Justin G. Muzinich. “Treasury will continue to use its powerful tools to counter these malicious cyber actors and their facilitators.”
FinCEN addressed companies that provide protection and mitigation services to victims of ransomware attacks, including digital forensics and incident response companies and cyber insurance companies that facilitate ransomware payments to cybercriminals, often by directly receiving customers’ fiat funds, exchanging them for convertible virtual currency (CVC), and then transferring the CVC to criminal-controlled accounts.
“Depending on the particular facts and circumstances, this activity could constitute money transmission,” the advisory says.
Source: Insurance Journal