Swift Quoted in Legaltech News About Impact of U.S. Treasury Department Sanctions in Ransomware Payments
07 August 2020
Legaltech News
News
Partner Christopher Swift was quoted in the Legaltech News article, “Treasury Department Potentially Making Ransomware Payments More Complicated — and Costly,” which discussed how companies impacted by ransomware also need to think about U.S.Treasury Department sanctions when deciding whether to pay ransomware. The Office of Foreign Assets Control, a financial intelligence and enforcement agency within the U.S. Treasury Department, maintains a Specially Designated Nationals and Blocked Persons List of groups or individuals that U.S. persons are “generally prohibited from dealing with,” which includes the payment of cryptocurrency ransoms. While OFAC has yet to levy penalties against businesses who pay ransom to an SDN list entity, companies in the midst of a cyber crisis may still have to proceed carefully.
Swift noted that a business could very quickly see its financial exposure rise beyond a hypothetical million-dollar ransom. “Not only have you paid a million dollars to a criminal group … the penalties when the Treasury Department finds out about it and comes after you are going to be anywhere from $300,000 to $2 million on top of the ransom you just paid, plus the cost of attorneys’ fees,” he said.
But the calculus that a company faces when deciding whether to pay a cryptocurrency ransom to an actor on the SDN list also extends beyond the financial considerations involved. Like many other types of cyber incidents, Swift pointed out that there’s a reputational element that a business has to consider when being publicly seen as doing business with a criminal or potentially even a terrorist organization.
Some businesses may also find unexpected value in consulting with their information technology departments about the full extent of their backups, which Swift thinks can often extend further than a business’ leadership knows. “IT departments tend to save a lot of data. Their sort of culture and outlook is built around saving and sustaining data. They save stuff they don’t need to save,” Swift said.
Swift noted that a business could very quickly see its financial exposure rise beyond a hypothetical million-dollar ransom. “Not only have you paid a million dollars to a criminal group … the penalties when the Treasury Department finds out about it and comes after you are going to be anywhere from $300,000 to $2 million on top of the ransom you just paid, plus the cost of attorneys’ fees,” he said.
But the calculus that a company faces when deciding whether to pay a cryptocurrency ransom to an actor on the SDN list also extends beyond the financial considerations involved. Like many other types of cyber incidents, Swift pointed out that there’s a reputational element that a business has to consider when being publicly seen as doing business with a criminal or potentially even a terrorist organization.
Some businesses may also find unexpected value in consulting with their information technology departments about the full extent of their backups, which Swift thinks can often extend further than a business’ leadership knows. “IT departments tend to save a lot of data. Their sort of culture and outlook is built around saving and sustaining data. They save stuff they don’t need to save,” Swift said.
People
Related Services
Industry Teams
Practice Areas
Insights
“The Dark Overlord” Pleads Guilty to Cyber Theft and is Sentenced to 5 years in Prison and Fined $1.467M!
22 September 2020
Internet, IT & e-Discovery Blog
Divided Eleventh Circuit Panel Bars Incentive Awards for Class Representatives in Class Action Settlements
22 September 2020
Consumer Class Defense Counsel
Podcast Episode 14: Senayt Rahwa, Senior Counsel
22 September 2020
Foley Career Perspectives
Taking a HIIT to Your Productivity and Wellbeing?
22 September 2020
Foley Career Perspectives
Hennessy Quoted in Law360 About COVID Health Apps and Privacy Laws
18 September 2020
Law360
Hoffman Quoted in The Wall Street Journal About Whether Employers Can Require Employees to Get a COVID-19 Vaccine
18 September 2020
The Wall Street Journal
Chmielewski and Faget Discuss the Momentum of Virtual Clinical Trials Post-COVID in a Q&A with Clinical Leader
17 September 2020
Clinical Leader
Ellis Receives 2020 Texas Lawyer Best Mentor Award
17 September 2020
Texas Lawyer
Discover Telehealth Conference
18 November 2020
Webinar
County Counsel’s Association of California’s Health and Welfare Fall 2020 Study Section Meeting
29 October 2020
Virtual Conference
Insight Exchange Network’s Utilization Management Virtual Summit
20-22 October 2020
Virtual Conference
16th Annual IP Conference (Virtual): Knowing When and How to Pivot 2.0
16 October 2020
Virtual Conference