[Asia Economy Reporter Joselgina] The U.S. Department of the Treasury has issued a warning about ransomware attacks that disable computer systems and demand ransom payments. It directly referenced cases such as Lazarus, previously known to be backed by North Korea, and warned that companies paying ransoms could also become targets of sanctions.
The Treasury Department's Office of Foreign Assets Control (OFAC) posted an updated ransomware advisory on its website on the 21st (local time), warning that ransomware attacks have increased during the spread of COVID-19. The Treasury explained the update was "to emphasize the sanction risks related to ransom payments for ransomware attacks and the preventive measures companies can take."
Ransomware is a form of cyberattack where hackers block access to critical programs and demand money.
In particular, the Treasury directly mentioned the 2017 ransomware known as "WannaCry 2.0," which infected 300,000 computers across at least 150 countries. The attack was reportedly linked to the cybercrime group Lazarus, supported by North Korea.
The Treasury also emphasized that it has sanctioned individuals who materially support, sponsor, or provide funding, goods, or technology related to ransomware activities and will continue this policy. Representative sanction cases include the U.S. prosecution of three hackers affiliated with North Korea’s Reconnaissance General Bureau: Park Jin-hyuk, Jeon Chang-hyuk, and Kim Il.
Furthermore, it pointed out that victims responding to hacking groups’ ransom demands to restore systems may violate the Trading with the Enemy Act and encourage ransom payments. Under the Trading with the Enemy Act, U.S. persons are prohibited from direct or indirect transactions with specially designated nationals by OFAC.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
