US Treasury warns crypto firms not to reimburse unknown ransomware victims

Malware payouts from insurance companies pose a threat to U.S. national security.

Two offices of the U.S. Department of the Treasury have issued advisories on ransomware payouts, which they say pose a threat to national security.

"Among these entities are digital forensics and incident response companies and cyber insurance companies. Some DFIR companies and CICs, as well as some MSBs that offer CVCs , facilitate ransomware payments to cybercriminals, often by directly receiving customers' fiat funds, exchanging them for CVC, and then transferring the CVC to criminal-controlled accounts."

The announcements also note that while Bitcoin remains the favorite currency of the cybercriminals, there is a trend toward greater use of privacy coins.

Apparently, some criminals have even offered a discount to those who chose the latter.

The Treasury Office of Foreign Assets Control's statement emphasizes that some of the biggest ransomware attacks of the recent past were perpetrated by foreign actors.

It stressed that the funds received as a result of such activity could be used to the detriment of U.S. national security.

OFAC also restated that in addition to having a list of sanctioned individuals with whom U.S. persons are prohibited from transacting, there are certain countries and regions that are on the list as well.

"Critically, ransoms must stop being paid. Attacks like this happen for one reason and one reason only: because some companies pay the criminals. If nobody paid the criminals, there'd be no more ransomware. It's that simple."

It appears to be the first serious attempt by the U.S. government to crack down on these payouts and on those who facilitate them.