Shareholder Drew Sorrell discusses a recent announcement by the Office of Foreign Asset Control (OFAC) that it will begin to sanction companies, individuals and intermediaries that facilitate ransomware payments.
By now, most everyone knows that ransomware is software that infects your computer system, makes your data irretrievable and usually breaks things along the way. To unlock your system, the bad guys (or girls) demand you pay a ransom, usually via Bitcoin or similar currency. In exchange for your payment, the bad guys promise to provide you the key to unlock your data and promise not release your data on the Internet or auction if off to the highest criminal bidder. Depending on the professionalism (yes, professionalism) of the bad guy, once you’ve made your payment, you may or may not be able to unlock your system, and they may or may not delete your data versus release or auction it.
In the United States, federal law enforcement authorities have long requested that companies not pay ransoms. This used to be for the salutary reason that if no company pays, there would be no market for ransomware. Likewise, there was this annoying problem that paying ransoms under U.S. law technically may be illegal. I am not, however, aware of any prosecution of a company that paid a ransom. [...]
This is an excerpt from a blog post originally written on Lowndes Tech. To read the entire post, click here.
This article is informational only. You should consult an attorney before acting or failing to act. The law may change rapidly and no warranty is given. LOWNDES DISCLAIMS ALL IMPLIED WARRANTIES AND WITHOUT LIMITATION, ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. ALL ARTICLES ARE PROVIDED AS IS AND WITH ALL FAULTS. Consult a Lowndes attorney if you wish to establish an attorney/client relationship.