Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

Ransomware Payments: Know Whom You’re Paying!

In a recent Cafe Insider-Cyber Space podcast interview, “Why you should be paying attention to ransomware cyber attacks,” John Carlin, former U.S. Assistant Attorney General for the National Security Division, interviewed veteran New York Times cyber reporter David Sanger.

They discussed this specific issue and shed even more light on how dicey the problem is.

The payment of a ransom to OFAC listed cybercrime groups could subject the victim/paying company to be sanctioned by the U.S. government.

See the following October 1, 2020, U.S. Treasury advisory:

Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments

In my last post, Cyber Attacks for Ransom: Exponentially Growing Problem (Post 3 of 3), I raised the potential complication of paying a ransom to an individual or entity that is on the U.S. Treasury Department’s – Office of Foreign Assets Control (OFAC) list of cybercrime individuals, groups, or nation-states.

A few of the intriguing points made in the interview is that a company who pays the ransom falls under strict-liability (meaning the victim need not know they are paying an individual or group on the OFAC list to be held civilly liable. It does not require intent.) Except, the victim/company may not have any way of determining if the hacker is on that criminal-groups list unless they notify law enforcement.

FINAL THOUGHTS

For several legitimate reasons, many companies do not want to notify law enforcement and make the payment privately.

On the other hand, government is forced to confront a problem that is getting exponentially worse and feel compelled to do what it can to change behavior.

The interview has a runtime of 1 hour, 4 minutes.

The ransomware segment begins at 29:45.

Disclaimer: IPPIBlog.com is offered as a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, with regard to content provided in IPPIBlog.com. We disclaim any and all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such person and the accuracy and validity of the information provided by them. This blog is provided for general information purposes only and is not intended to provide legal or other professional advice.

Did you find this post useful?
I agree to have my personal information transfered to MailChimp ( more information )
Join other IP protection professionals, i.e., investigators, attorneys, and brand protection specialists and receive updates straight to your inbox.
We hate spam. Your email address will not be sold or shared with anyone else.

Ron Alvarez is an IP Investigations / Protection writer and licensed private investigator in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has published a number of articles on various investigative topics for PI Magazine. Ron is certified by the Interpol-International IP Crime Investigators College (IIPCIC.) as a "Transnational and Organized Crime Intellectual Property (IP) Investigator."

0 comments on “Ransomware Payments: Know Whom You’re Paying!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...
%d bloggers like this: