Last year, before the onset of the Russia-Ukraine war, nearly 75% of cryptocurrency payouts for ransomware went to Russia, according to a study conducted by Chainanalysis. Let that sink in a moment. Then consider the legal ramifications of paying those ransoms now that Russia is a sanctioned country.
To Kurtis Minder, CEO of digital risk protection firm, GroupSense, these new sanctions mean he’ll be forced to turn down more ransomware victims seeking response and negotiation services or else risk running afoul of a growing list of sanctions issued by the Treasury Department’s Office of Foreign Assets Control (OFAC).
As opposed to the specific OFAC sanctions list, Russian sanctions are wide and ambiguous, making them difficult to abide by without proper intelligence and context, says Minder, who’s negotiated hundreds of ransomware payouts over the past two years. “The U.S. government is sanctioning entities within Russia at an increasing rate. So even with the OFAC list, we still need to use our company’s external intelligence and risk data—in addition to the sanctions lists—to understand if the victim is paying directly to a sanctioned entity or through an affiliate program that is loosely tied to a sanctioned group or region,” he explains.
Most of these sanctions are an extension of a Whitehouse initiative to combat ransomware by disrupting ransomware gangs, bolstering resilience, making laundering through cryptocurrency more difficult, and addressing safe harbors like those in Russia. It’s important to note that Russia isn’t the only sanctioned country. In 2019, OFAC sanctioned North Korea. The Federal Bureau of Investigation (FBI) has been trying to get companies associated with China added to the list since 2012 with limited success, says Darren Mott, who managed FBI cyber and counterintelligence squads for 20 years before retiring in 2019.
Politics tighten sanctions on ransomware payments
Since Russia launched its war against Ukraine, paying ransoms to Russian entities has become a political hot button, with Secretary of Treasury Janet Yellen lamenting how ransomware criminals operate in Russia with impunity. The Treasury Department’s release also declares that paying ransomware payouts to an entity in a sanctions nexus is a threat to U.S. national security.
“Fourteen years ago, back in 2008, FBI agents in Russia recognized that Putin was the crime boss behind most of these types of cyberattacks coming from his country. And now, because the issue is political, we punish the victims? That’s absurd. Paying ransoms should not be a political issue because by the time it gets to the stage of negotiating the ransoms, the victim company is already behind the eight ball with no other way out,” argues Scott Augenbaum, who recently retired after 29 years leading cybercrime investigations in the FBI.
Copyright © 2022 IDG Communications, Inc.
