Being coerced into paying a large ransomware demand is bad enough. Having to pay a large civil penalty on top of that for transacting with a federally sanctioned cybercriminal group is even worse.
Looking to avoid such fines, incident response (IR) experts are advocating for improvements to ransomware response protocols, including additional oversight and demonstrable due diligence, while also imploring the threat intelligence community to practice responsible threat-actor attribution.
Indeed, a recurring series of questions posed at the Incident Response Forum Masterclass event on Thursday revealed that the incident response industry and its clients are still trying to find their footing six months after the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an Oct. 1 advisory warning against companies facilitating ransomware payments to groups that are on the Specially Designated Nationals and Blocked Persons List (“SDN List”) or have a “sanctions nexus.”
Source: Incident response pros seek to prove due diligence after OFAC advisory