Paying ransomware attackers could run afoul of anti-money laundering (AML) regulations and sanctions law. The Financial Crimes Enforcement Network (FinCEN) issued an advisory that, depending on the circumstances, facilitating ransomware payments to cyber-criminals could constitute money transmission, subjecting the facilitator to registration and reporting obligations and exposing it to AML violations if those are not met. In addition, the Office of Foreign Assets Control (OFAC) issued an advisory that engaging in transactions, such as ransomware payments, with individuals or entities on its Specially Designated Nationals and Blocked Persons (SDN) List is a sanctions violation and could result in civil penalties even where the payer did not know the counterparty was sanctioned.
To be fair, OFAC does publish the SDN list, and it advises victim organizations to check that list before paying any ransom. The challenge is identifying the attacker: a victim usually sees only an alias, a ransom note and a cryptocurrency wallet address, so whether the group behind them is a designated entity is rarely knowable from the victim's side.
The two most common entry points for ransomware attacks are phishing emails and poorly secured Remote Desktop Protocol (RDP), typically RDP exposed directly to the internet with weak or reused passwords and no multi-factor authentication. The latter is especially troubling given the dramatic increase in remote workers and the resulting loss of control over the working environment.
It is fairly well known that vulnerabilities in third-party software components, along with exposed services such as RDP, play a big role in enabling ransomware attacks. Organizations can take proactive steps to reduce the likelihood of falling victim by implementing or maintaining processes that inventory their third-party components, track the vulnerabilities disclosed against them and apply the security patches that become available.
Requesting a Software Bill of Materials (SBOM) from vendors, a machine-readable list of the third-party software components used in a product and their versions, provides the needed transparency and makes monitoring product components much more efficient: once the components are enumerated, matching them against new advisories can be automated rather than rediscovered after an incident. Of course, end-user training is always recommended, given that human error is still a huge contributor in facilitating unwanted access to networks and systems.
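As an added example, not from the article or from any vendor's tooling, the Python below shows the monitoring step that such a process needs. It parses a minimal CycloneDX-format SBOM (constructed here), normalizes each component's package URL, and matches versions against an advisory list (also constructed; the ADV- identifiers and package names are hypothetical), reporting whether a patched version exists or the component must be mitigated another way. In practice the advisory feed would come from NVD, OSV or the vendor; here it is embedded so the script runs offline.

```python
"""Match an SBOM's components against a list of advisories.

Added example (not from the original article). The SBOM below is a constructed,
minimal CycloneDX 1.5 JSON document and the advisory list is made up; the
advisory identifiers (ADV-...) and package names are hypothetical.
"""
import json

# Constructed CycloneDX-style SBOM: three third-party libraries a vendor might ship.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "netlib",    "version": "1.3.7", "purl": "pkg:pypi/netlib@1.3.7"},
    {"type": "library", "name": "imgcodec",  "version": "2.0.1", "purl": "pkg:pypi/imgcodec@2.0.1"},
    {"type": "library", "name": "yamlparse", "version": "5.4",   "purl": "pkg:pypi/yamlparse@5.4"}
  ]
}
"""

# Constructed advisory feed (hypothetical IDs). Each entry names the affected package
# by version-less purl, the first affected version (inclusive) and the first fixed
# version (exclusive upper bound); fixed_in=None means no patch has been released.
ADVISORIES = [
    {"id": "ADV-0001", "package": "pkg:pypi/netlib",    "affected_from": "1.0.0", "fixed_in": "1.4.2"},
    {"id": "ADV-0002", "package": "pkg:pypi/imgcodec",  "affected_from": "2.0.0", "fixed_in": None},
    {"id": "ADV-0003", "package": "pkg:pypi/yamlparse", "affected_from": "3.0",   "fixed_in": "5.2"},
]


def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2). Only the leading digits of each part count,
    so '2rc1' becomes 2; pre-release tags are deliberately ignored here."""
    parts = []
    for p in v.split("."):
        digits = ""
        for ch in p:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_affected(version, affected_from, fixed_in):
    """True if version lies in [affected_from, fixed_in); unbounded when no fix exists."""
    v = parse_version(version)
    if v < parse_version(affected_from):
        return False
    if fixed_in is None:
        return True
    return v < parse_version(fixed_in)


def purl_without_version(purl):
    """'pkg:pypi/netlib@1.3.7?arch=x86' -> 'pkg:pypi/netlib' (qualifiers, subpath and
    version stripped so the purl can be used as a stable lookup key)."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    return base.rsplit("@", 1)[0] if "@" in base else base


def parse_sbom(text):
    """Extract (name, version, purl) for every component that carries a purl."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    comps = []
    for c in doc.get("components", []):
        if not c.get("purl"):
            continue  # without a package URL, matching is guesswork; flag these separately
        comps.append({"name": c["name"], "version": c["version"], "purl": c["purl"]})
    return comps


def find_affected(components, advisories):
    """Return one finding per (component, advisory) pair whose version is in range."""
    findings = []
    for comp in components:
        key = purl_without_version(comp["purl"])
        for adv in advisories:
            if adv["package"] != key:
                continue
            if version_affected(comp["version"], adv["affected_from"], adv["fixed_in"]):
                findings.append({
                    "component": comp["name"],
                    "version": comp["version"],
                    "advisory": adv["id"],
                    "fixed_in": adv["fixed_in"],
                    "action": (f"upgrade to {adv['fixed_in']}" if adv["fixed_in"]
                               else "no patch available; mitigate or isolate"),
                })
    return findings


if __name__ == "__main__":
    for f in find_affected(parse_sbom(SBOM_JSON), ADVISORIES):
        print(f"{f['component']} {f['version']}: {f['advisory']} -> {f['action']}")
```

Run against the embedded data, netlib 1.3.7 is reported with an upgrade target, imgcodec 2.0.1 is reported as unpatched, and yamlparse 5.4 is clean because it is already past the fixed version. The version comparison is intentionally simple; a production process should use the ecosystem's own version semantics (PEP 440, semver, Debian version ordering) and re-run the match whenever either the SBOM or the advisory feed changes.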