- Insurance firms that pay ransomware demands on behalf of hacked companies could find themselves penalized for dealing with sanctioned countries
- The Treasury has warned that paying a ransom to a group linked to a sanctioned country could be considered a violation of sanctions and result on prosecution
- Hackers from North Korea and Russian have been paid off in recent years, both of which are sanctioned
Insurance firms that pay out cyber criminals on behalf of companies in the event of a ransomware demand could be violating sanctions, according to the U.S. Treasury Department. A spate of hacks followed by ransomware demands in recent years have resulted in insurance companies paying the ransom, typically in Bitcoin, but the Treasury has now warned that if the hackers are proven to be linked to countries on the U.S. sanctions list then insurance companies could face stiff penalties.
Ransomware Insurance Needed More Than Ever
The warning to insurance companies came from the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) and referenced the growing number of ransomware cases where payments are demanded in Bitcoin.
Ransomware payment demands have increased during the coronavirus pandemic as more and more people have been working from home, allowing hackers to target online systems more effectively. Reuters puts the average ransomware payments for Q2 at $178,254, a 60% jump over Q1.
Sanctioned Countries Prominent Hackers
The Treasury’s warning is no idle threat. It is well known that North Korea is a prominent cyber hacker, with their state-sponsored Lazarus group bringing in hundreds of millions of dollars through ransomware demands and cryptocurrency hacks in recent years.
OFAC cited cyberattacks dating back to 2015 that were subsequently traced to hackers in North Korea and Russia, two sanctioned countries, and has emphasized that companies that engage with sanctioned countries or certain individuals from those countries can face prosecution and penalties.
The reminder puts insurance firms in a difficult position and may result in cover related to ransomware being pulled, leaving companies holding the baby were they to be hacked.