
Why it's hard to sanction ransomware groups


SOURCE: https://www.propublica.org/article/ransomware-russia-ukraine-sanctions-ofac-conti
Summary

The group also stole victims’ data, published samples on a dark website and threatened to publish more unless it was paid. But only a small handful of the legions of alleged ransomware criminals and groups attacking U.S. victims have been named on sanctions lists over the years by the Treasury Department’s Office of Foreign Assets Control, which administers and enforces them. Putting a ransomware group on a sanctions list isn’t as simple as it might seem, current and former Treasury officials said. Indeed, on Thursday, a tech site called BleepingComputer reported that Conti itself has “officially shut down their operation.” The article, which cited information from a threat-prevention company called AdvIntel, laid out details about the status of Conti’s sites and servers but was unambiguous on a key point: “Conti’s gone, but the operation lives on.” The evanescence of the Conti name underscores another reason it’s hard to sanction ransomware groups: Putting a group on a list of sanctioned entities without also naming the individuals behind it or releasing other identifying characteristics could cause hardship for bystanders. So even though Conti was not listed by name, its possible ties to the FSB or other listed Russian entities may have rendered it sanctioned anyway. Between that and the bad optics of paying a group linked to Russia, most victims had not paid Conti’s ransom after the February proclamation, according to lawyers and negotiators who work with ransomware victims. In October 2020 the Treasury Department issued an advisory saying that “companies that facilitate ransomware payments to cyber actors on behalf of victims” may “risk violating OFAC regulations.” A second advisory, in 2021, seemed to acknowledge that victims sometimes make payments that violate sanctions.

As said here by Renee Dudley, ProPublica