Treasury Advisories Add to Victims’ Woes

October 19, 2020

Recent warnings from the U.S. Treasury about paying ransomware demands are unlikely to substantially change how cyber insurers cover or handle such situations, according to experts.

However, ransomware victims are likely to be under more pressure to be sure that anti-money laundering and sanctions regulations are honored should they pay a ransom.

The warnings are not a response to any wrongdoing, but they have been issued at a time when ransomware attacks and ransomware payments are on the rise.

“I believe that both the legal counsel advising insureds as well as the insurance carriers have been aware of OFAC and have taken OFAC regulations quite seriously,” said Nick Economidis, vice president and e-risk underwriter, Crum & Forster. “We’ll likely see some small modifications to existing practices (to make doubly sure that actions are consistent with existing relations), but I do not foresee any big changes.”

Insurers note that victims of such attacks are the ones who decide whether to pay a ransom. Catherine Lyle, head of claims at Coalition, thinks the advisories signal an “increasing willingness to enforce OFAC sanctions on ransomware payments” and “makes clear that victims of ransomware, and the organizations that assist them, must establish processes to comply with OFAC sanctions or risk the consequences.”

FireEye Mandiant’s Charles Carmakal agrees that the advisory, while well-intentioned, will add more complexity for victim organizations after a security incident.