Custom Tech Solutions, Inc.

Information Technology Company

Earlier this month, the US Department of Treasury issued an advisory that states that if you were attacked by ransomware and you pay that ransom in hopes to save your business, you may be in violation of the "OFAC’s Economic Sanctions Enforcement Guidelines" if the ransom paid happens to be paid out to someone that is on the sanctions list.

It specifically states that "OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person ...subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC."

The FBI created a video on business email compromise and how to protect yourself.

- Lock down your company's email account
- Use 2FA, strong passwords, secure internet connections
- Keep company accounts separate from personal accounts....
- Establish out-of-band communication such as telephone verification. Setup this communication in advance. Don't use email to set it up because they may already be in there and you are may be telling the bad guy how to verify with you.
- Verify all requests that seem out of the ordinary. For example, they want you to reach out to them on a person email when all correspondences are using the company email. It is a red flag.
- Use forward option and type in the email address instead of replying to an email to ensure you are replying to the right person.
- Consider flagging email from outside the company so you can look into it more.