Ransomware is now categorised as a tier 1 national security threat, with attacks against businesses and public sector organisations increasingly common.
The UK has recently sanctioned individuals associated with ransomware groups known as Conti, Wizard Spider, UNC1878, Gold Blackburn, Trickman and Trickbot. The ransomware strains Conti and Ryuk affected 149 UK individuals and businesses and extorted at least an estimated £27 million from them. Conti was behind attacks that targeted hospitals, schools, businesses and local authorities, including the Scottish Environment Protection Agency.
The UK government said that by sanctioning these cyber criminals, it is sending a clear signal to them and others involved in ransomware that they will be held to account. It also said that it will always put its national security first by protecting the UK and its allies from serious organised crime.
In light of that, the UK Government, issued a paper (Feb-2023) discussing the use of financial sanctions against ransomware threat actors causing harm to the UK. It warns that making or facilitating a ransomware payment can expose individuals or entities to civil or criminal penalties if the payment is made to designated persons subject to financial sanctions. The paper provides guidance on engaging with HMG and outlines aggravating and mitigating factors that HMG will consider for any related civil or criminal enforcement action relating to financial sanctions breaches.
CyberSolace would emphasise that ransomware payments are often a thorny topic and would always discourage clients from considering this option unless, i) the threat-actor is not sanctioned, ii) it is the last possible resort to save the business. We invite all our audience and clients to get in touch if they need any consultation on this topic.