On 5 August, Law 360 reported that paying off cybercriminals to return operations to normal could be a violation of US sanctions, depending on the hackers’ status. The article cites the case of  Garmin, which restored access to its systems by paying off the criminals who used the WastedLocker malware to infiltrate Garmin’s systems. However, US authorities had designated Evil Corp, the alleged developer of WastedLocker, in December together with 2 Russian nationals accused of leading the group. OFAC has yet to impose any fines for companies paying ransoms to sanctioned groups, but analysts say companies should try to assess the status of any potential attacker before paying a ransom.


Author: raytodd2017

Chartered Legal Executive and former senior manager with Isle of Man Customs and Excise, where I was (amongst other things) Sanctions Officer (for UN/EU sanctions), Export Licensing Officer and Manager of the Legal-Library & Collectorate Support Section

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s