Custom Tech Solutions, Inc. (Information Technology Company)
Earlier this month, the US Department of the Treasury issued an advisory stating that if you are attacked by ransomware and pay the ransom in hopes of saving your business, you may be in violation of OFAC's Economic Sanctions Enforcement Guidelines if the ransom ends up being paid to someone on the sanctions list.
It specifically states that "OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person ...subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC."
In other words, if you were attacked and paid the ransom to save your business, you risk OFAC fines that could put you out of business anyway.
The best thing is to avoid ending up in that situation in the first place.
If you are worried about ending up in such a situation, reach out to us. We can help you follow best practices that keep you as far away from it as possible.
For those of you that want to read the advisory, here is the link to it. https://home.treasury.gov/…/ofac_ransomware_advisory_100120…
The FBI created a video on business email compromise and how to protect yourself.
- Lock down your company's email account
- Use 2FA, strong passwords, secure internet connections
- Keep company accounts separate from personal accounts....
- Establish out-of-band communication, such as telephone verification. Set this communication up in advance, and don't use email to set it up: the attackers may already be in the mailbox, and you may be telling the bad guy how to verify with you.
- Verify all requests that seem out of the ordinary. For example, if they ask you to reach out to them on a personal email address when all correspondence uses the company email, that is a red flag.
- Use the forward option and type in the email address instead of replying to an email, to ensure you are writing to the right person.
- Consider flagging email from outside the company so you can look into it more closely.
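Two of the tips above, flagging mail from outside the company and not trusting the reply button, can be turned into a small mail-handling check. The following Python is an added example, not code from the original post or from Custom Tech Solutions. It assumes the company's own mail domain is example.com and runs over constructed sample headers; a real deployment would hook the same logic into the mail gateway or a mail-flow rule.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the company's own mail domain (placeholder, not from the post).
INTERNAL_DOMAIN = "example.com"


def _domain(header_value):
    """Return the lower-cased domain of the first address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def assess_message(raw_message, internal_domain=INTERNAL_DOMAIN):
    """Flag an external sender and a Reply-To header that points somewhere other
    than the visible From address (the pattern that turns 'Reply' into a trap)."""
    msg = message_from_string(raw_message)
    from_domain = _domain(msg.get("From"))
    reply_domain = _domain(msg.get("Reply-To"))
    flags = []
    if from_domain != internal_domain:
        flags.append("external_sender")
    if reply_domain is not None and reply_domain != from_domain:
        flags.append("reply_to_mismatch")
    return {"from_domain": from_domain, "reply_to_domain": reply_domain, "flags": flags}


def tag_subject(raw_message, internal_domain=INTERNAL_DOMAIN):
    """Prefix the subject so staff can see at a glance that mail came from outside."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    if "external_sender" in assess_message(raw_message, internal_domain)["flags"]:
        return "[EXTERNAL] " + subject
    return subject


# Constructed sample messages (headers only, bodies are filler).
INTERNAL_MSG = "\n".join([
    "From: Alice <alice@example.com>",
    "To: bob@example.com",
    "Subject: Q3 invoices",
    "",
    "See attached.",
])

REPLY_TO_MISMATCH_MSG = "\n".join([
    "From: CEO <ceo@example.com>",
    "Reply-To: ceo.private@webmail-example.net",
    "To: bob@example.com",
    "Subject: Urgent wire",
    "",
    "Please handle this today.",
])

EXTERNAL_MSG = "\n".join([
    "From: Accounts <ap@supplier-example.net>",
    "To: bob@example.com",
    "Subject: Payment details update",
    "",
    "Our bank details have changed.",
])

if __name__ == "__main__":
    for name, raw in [("internal", INTERNAL_MSG),
                      ("reply-to mismatch", REPLY_TO_MISMATCH_MSG),
                      ("external", EXTERNAL_MSG)]:
        print(name, assess_message(raw)["flags"], "->", tag_subject(raw))
```

The second sample shows why the post says to forward and type the address rather than reply: the From line looks internal, but a reply would go to the Reply-To address, so the domain comparison is what surfaces it.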
Here is the video if you want to watch it.