An advisory issued by the American Treasury Department warns against payment of ransom to hackers, regimes or companies on the US sanctions list. In other words, if a company, directly or via a third party, pays ransom to a hacker who is under American sanctions, it could be placed under the sanctions regime itself. The significance is that managers, the management or the board of directors, now need to reconsider the risks of paying ransom.
The payment of ransom is carried out when an organization falls victim to a ransomware attack that encrypts its files. This kind of event could cause the suspension of business activity, including of production lines or critical infrastructures. The payment of ransom is aimed at two goals: receiving the key for opening the files, and preventing publication of the data that was stolen. The leaking of data could initiate a wave of civilian lawsuits, and if the company serves European clients it could be fined by Europe's privacy regulator.
The process of the American Treasury Department creates a problem for organizations. On the one hand, they have no solution to prevent ransomware attacks, and in a significant portion of the cases, recovery is not possible because of lack of backup or failed reconstruction. On the other hand, they cannot pay ransom to decrypt the files and prevent the leaking of statistics, a fact that exposes them to significant losses including fines and civilian lawsuits.
It should be mentioned that it is also against the law in Israel to pay ransom (although companies do it because they have no other choice). But in Israel the Justice Ministry turns a blind eye to the topic. Israeli organizations will now have to take into consideration the risk involved in paying ransom – being placed under American sanctions.