By

Lindsay Bernsen Wardlaw

08 October 2020

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

On October 1, 2020, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that highlights the risk of potential U.S. sanctions law violations if U.S. individuals and businesses comply with ransomware payment demands.1

Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Payment is often demanded in bitcoin, and thus third-party services are often used to make such payments. Increasingly, ransomware attacks not only lock data up but steal data from the victim and threaten to publish sensitive files belonging to victims. According to OFAC, ransomware attacks have been increasing over the last two years and are a special risk during the COVID-19 pandemic, with cybercriminals targeting not only large corporations but also small to medium enterprises, hospitals, schools, and local government agencies.2

(more…)

EmailShare
28 August 2020

BIS Issues Long-Awaited Notice on Controls on Foundational Technologies, Adds New Entities to Entity List

The U.S. Department of Commerce, Bureau of Industry and Security (BIS) published an advance notice of proposed rulemaking (ANPRM) soliciting comments to identify foundational technologies essential to U.S. national security by October 26, 2020 (the Foundational Technologies ANPRM). The ANPRM is only one step in a multiyear process through which the U.S. government transforms the regulations restricting the availability of U.S.-sourced technology in the global marketplace.

This long-awaited ANPRM launches an intra-agency review process required under Section 1758 of the Export Control Reform Act of 2018 (ECRA), which Congress passed in the National Defense Authorization Act for Fiscal Year 2019 (2019 NDAA). ECRA directed BIS to identify and establish controls on the export, reexport, or transfer (in country) of emerging and foundational technologies essential to the national security of the United States. On November 19, 2018, BIS issued an ANPRM on identification of emerging technologies (the Emerging Technologies ANPRM), indicating that a separate notice for foundational technologies was forthcoming.

Today’s Foundational Technologies ANPRM can be found here. Sidley’s prior updates on ECRA and the Emerging Technologies ANPRM can be found here.1 Here we summarize five key takeaways from today’s notice.

(more…)

EmailShare
XSLT Plugin by BMI Calculator