Companies that assist victims of ransomware attacks in making payments to criminal hackers could face penalties, according to a new advisory from the US Department of the Treasury.
The civil penalties would apply to those who assist in making ransom payments on behalf of victim companies or governments hacked by criminal groups that have been sanctioned by the Treasury Department. The new advisory, from the department’s Office of Foreign Assets Control, could fundamentally change the calculus for companies – and their advisers – after they’ve been infected with ransomware.