美国财政部咨询公司(Treasury Department.advisory)关注勒索软件谈判人员

最近,美国财政部向那些为受害者提供赎金支付服务的公司提供咨询后,新兴的勒索软件谈判行业成为关注的焦点

.

外国资产管制处的指导意见将重点放向企业组织提供勒索软件谈判服务的公司。过去两年左右的时间里,这类公司中的少数已经出现,他们提供的服务旨帮助勒索软件受害者与攻击者进行专业沟通,并协商双方都能接受的结果

最近,美国财政部(Department of The Treasury)向那些为受害者提供赎金支付服务的公司提供咨询后,新兴的勒索软件谈判行业成为关注的焦点

OFAC的咨询意见没有对愿意向威胁参与者支付赎金以勒索软件攻击后重新访问其数据的组织提出任何具体的新限制。它主要提醒各组织,如果它们或任何代表它们行事的人向外国资产管制办公室制裁名单上的个人或实体付款,它们可能会触发违反美国现行政策的行为。OFAC目前其与网络有关的制裁名单上有许多威胁行为体,包括勒索软件运营商,如朝鲜的Lazarus group,以及SamSam、Dridex和CryptoLocker活动的幕后黑手GroupSense就是最近的一个例子。本月早些时候,该公司推出了一项新的服务,声称可以帮助勒索软件受害者解决攻击后的一系列问题。据GroupSense称,它可以帮助组织评估和确认攻击,与威胁行为体协商以减少赎金需求,管理加密货币支付,安排销毁任何被盗数据,以及执行其他交易后活动

其他一些主要是小型公司-例如CyberSecOp,Arete顾问有限责任公司,以及双子座咨询公司—也兜售勒索软件谈判服务。华尔街日报最近形容阿雷特帮助阿拉巴马州佛罗伦萨市2020年6月的一次袭击后协商减少赎金支付

要阅读完整的文章,访问黑暗阅读

英文译文:

The emerging ransomware negotiator industry has come into the spotlight recently following an advisory from the US Department of the Treasury for companies that facilitate ransom payments to threat actors on behalf of victims.

OFAC’s advisory did not introduce any specific new limitations for organizations willing to pay threat actors a ransom to get back access to their data after a ransomware attack. It mostly reminded organizations of potential violations of existing US policy they would trigger if they — or anyone acting on their behalf — made the payment to individuals or entities on OFAC’s sanctions list. OFAC currently has numerous threat actors on its cyber-related sanctions list, including ransomware operators such as North Korea’s Lazarus group and those behind the SamSam, Dridex, and CryptoLocker campaigns.

Threat intelligence firm GroupSense is one recent example. Earlier this month, the company introduced a new service that it says can help ransomware victims navigate a slew of issues following an attack. According to GroupSense, it can help organizations evaluate and confirm attacks, negotiate with threat actors to reduce ransom demands, manage cryptocurrency payments, arrange for the destruction of any stolen data, and carry out other post-transaction activities.

A handful of other mostly small companies — such as CyberSecOp, Arete Advisors LLC, and Gemini Advisory — tout ransomware negotiation services as well. The Wall Street Journal recently described Arete as helping the city of Florence, Ala., negotiate a reduced ransom payment after a June 2020 attack.

Share this Post:

相关资讯: