Your chief information officer breathes a sigh of relief because a significant cyber liability policy is placed. Then, on October 1, 2020, the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued an advisory prohibiting ransomware payments to any person on the list of Specially Designated Nationals and Blocked Persons (SDN). Some of the most notable ransomware of the past few years, Cryptolocker, SamSam, WannaCry and Dridex, is attributed to criminals from embargoed countries like Crimea, North Korea, Iran and Syria.
What does this mean?
- Permission to pay a ransom must be requested from OFAC, subject to a “presumption of denial”. This means companies should expect OFAC to say no.
- The burden of preventing a cyber attack is even higher, and companies must increase employee training, close areas of vulnerability, implement multi-factor authentication, and be vigilant in monitoring email, web and network activity.
Read more from the D&O Diary.