02-22-2019 04:41:18 PM -0800
02-21-2019 02:04:47 PM -0800
02-21-2019 11:01:19 AM -0800
02-20-2019 06:05:04 PM -0800
02-20-2019 04:41:47 PM -0800
It looks like you've previously blocked notifications. If you'd like to receive them, please update your browser permissions.
Desktop Notifications are  | 
Get instant alerts on your desktop.
Turn on desktop notifications?
Remind me later.
PJ Media encourages you to read our updated PRIVACY POLICY and COOKIE POLICY.

Stretch, grab a late afternoon cup of caffeine and get caught up on the most important news of the day with our Coffee Break newsletter. These are the stories that will fill you in on the world that's spinning outside of your office window - at the moment that you get a chance to take a breath.
Sign up now to save time and stay informed!

Thinking of Making a Ransomware Payment? You Could Run Afoul of Iran Sanctions, DOJ Says

Ransom malware, or ransomware, is a growing threat to businesses and individuals. It’s software that infects a computer system and prevents users from accessing their files and using their computers. The only way to turn it off is to pay the company that infected the computer a ransom to remove it. But doing so could get you in hot water with the federal government, according to a recently unsealed grand jury indictment.

Ransomware infects a computer through an unsolicited email that contains attachments that are opened or links that are clicked on. These are typically disguised to look perfectly legitimate, sometimes even using an email address from a known acquaintance or a business we frequent.

One reason so many people were up in arms when Facebook accessed the address books of their users to identify friends is that these relationships can end up in the hands of unknown users who can send email from a friend’s address.

Once the ransomware infects a computer, the criminals often find a receptive company or individual that’s willing to pay to remove it and restore access to their files. Often, the cost of losing data or the loss of a computer can be more than the payment being demanded. The payments are then made, often using cryptocurrency, a digital payment system that avoids the use of credit cards and preserves some anonymity.

But paying some of these criminals may now be illegal. The Department of Justice this week unsealed a grand jury indictment against two Iranian hackers who are alleged to be responsible for the SamSam ransomware attacks. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) identified the cryptocurrency addresses of those individuals who were involved in converting ransomware cryptocurrency payments to Iranian currency.

They announced, "While OFAC routinely provides identifiers for designated persons, today’s action marks the first time OFAC is publicly attributing digital currency addresses to designated individuals."

In this instance, the cryptocurrency addresses belong to two Iran-based individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who the U.S. government explained have facilitated the exchange of ransomware payments into Iranian rial. Their crypto accounts contain 5,901 bitcoins — more than $23 million U.S. dollars. They have now been added to the government's list of individuals that U.S. companies and individuals are blocked from doing business with.

Specifically, OFAC notes, "As a result of today’s action, persons that engage in transactions with Khorashadizadeh and Ghorbaniyan could be subject to secondary sanctions. Regardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same."

This means that anyone whose computer is infected with ransomware would be in violation of U.S. law and could be fined, should they try to make a payment. This also affects private companies that help people deal with ransomware, including negotiating on their behalf to make these payments.