From now on, just think twice before making a ransomware payment as a new US law drafted by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has chosen to impose a civil penalty to ransomware victims who are making a payment to hackers.
Thus, from now and in accordance with the FBI law not to pay hackers in case of ransomware incident/s, the OFAC might likely indulge in the pronunciation of penalty to those who make a payment to malicious actors under any circumstances.
As of now, Maksim Yakubets of Evil Corp who has created the Dridex malware family, Lazarus group who created WannaCry Ransomware, Cryptolocker creator Evgeniy Mikhailovich Bogachev and two Iranian citizens behind SamSam Crypto malware have been marked out in the list. Meaning, those who pay a ransom to any of the above-stated cybercriminals will be prosecuted and will have to face a hefty civil fine.
OFAC statement released on October 1st of this year has stated that ransomware actors who made to the list will be treated as threats to the US national security.
Subsequently, those who make ransomware payments will also be treated as supporters of the threat actors as they will be eligible to be prosecuted under the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA).
Note- The decision under all circumstances will apply to those making a ransomware payment even if they are unaware of the Sanctions list. And in near future, the federal organization will continue to add more threat actors to the list and this includes those who financially support, provide manpower and technology-based software or hardware to those involved in cyber attacks.