How the US Plans to Crack Down on Ransom Payments to North Korean Hackers

October 7, 2020
Shea Cotton

The following is an excerpt of an article originally published by NK News.

In October, the U.S. issued new guidelines warning tech firms that they can face fines for paying ransoms to the DPRK

Earlier this month, a major U.S. agency released new guidelines on paying money to sanctioned groups in the event of a ransomware cyberattack. These guidelines mark a meaningful shift in how the U.S. government is looking to apply sanctions to cybersecurity problems.

On Oct. 1, 2020, the U.S. Office of Foreign Assets Control (OFAC) released the guidelines, which essentially tell cybersecurity and cyber-insurance companies that they could face fines or other penalties for paying ransoms to sanctioned entities.

Ransomware attacks typically involve a perpetrator who deploys malware onto a computer system and blocks access to that system until the victim agrees to pay a ransom. If the victim wants to use their computer again, they may think that they have no choice but to pay up.

But now, OFAC is signaling that this could soon change.

The U.S. government has a significant technical edge on just about every malicious cyber actor, yet policy solutions to challenges like this have certainly lagged.

OFAC’s new guidelines are one clear indication that policy may be starting to catch up. Actions like this are only going to increase — sanctions play a significant part in the United States’ North Korea policy, and it makes sense that sanctions will play a significant part in countering North Korea’s malicious cyber activities, too.
