CryptoCyber risk

The Treasury Cryptocurrency Handbook, Chapter 1: Ransomware

By September 30, 2021No Comments

Finance teams prepare for questions on crypto as corporates plan for ransomware attacks.

Cryptocurrency and ransomware proved popular topics at a recent meeting of NeuGroup for Global Cash and Banking, during both the Projects and Priorities session and in a smaller breakout group.

  • Some members are being asked how treasury plans to respond if cryptocurrency is needed in the event of a ransomware attack.
  • Most members said their companies have no current interest in investing in or holding cryptocurrency.  A few members work at corporates exploring the potential use of crypto as payment by customers.

Preparing a handbook. One member said someone on her team is developing a cryptocurrency handbook that will include use cases and address “when and why and if” the company would use crypto.

  • Treasury wants to have the information “readily available because we know the questions are going to be coming soon,” she said.
  • Treasury will share the information with other parts of the business and finance teams to educate people and make them more comfortable with what crypto is and how it’s used—or could be used at the company.
  • The idea intrigued another member, who said, “I want to hear more on the crypto handbook. This is something we’re starting to contemplate as well. How can we be prepared in case we’re asked or forced to accept [crypto] in the jurisdictions where we operate or sell?”

Ransomware strategies, facilitators. Several members discussed looking into using third-party facilitators that, among other services, help corporates make payments using cryptocurrency following a ransomware attack. “If we have a ransomware attack, what happens?” one member asked.

  • Among the companies mentioned in the discussion on facilitators were Bitpay, Coverware and Arete Advisors.
    • Arete’s website includes this note: “If it is determined by the [insurance] carrier and breach coach that paying a ransom is the most effective way to resolve the issue, Arete will communicate with the ‘bad actor’ on the client’s behalf to obtain the amount of the ransom demand and negotiate a settlement.”
  • The general consensus among members: Banks are not interested in playing a role in transactions involving crypto, one reason corporates are turning to facilitators.
  • One member told NeuGroup Insights, “Certain banks are more willing [than others] to provide contacts to these facilitators. Others are more strict and would point a corporate to the FBI to handle the situation. The FBI would then help in advising how to handle any ransomware payment.”
  • Within some corporates, the issue of ransomware and cyberattacks involves coordination with insurance and corporate security teams.

Ransom payer beware. One member at the meeting referenced an article previewing sanctions and other actions by the Biden administration to make it harder for hackers to use cryptocurrency to profit from ransomware attacks.

  • The same week as the global cash and banking meeting, the Treasury Department announced those sanctions and actions.
  • They include an updated advisory from Treasury’s Office of Foreign Asset Controls (OFAC) on potential sanctions risks for facilitating ransomware payments.
  • It includes this recommendation: “The U.S. government strongly discourages all private companies and citizens from paying ransom or extortion demands and recommends focusing on strengthening defensive and resilience measures to prevent and protect against ransomware attacks.”
  • The law firm Bracewell commented, “While the advisory does not change existing law, it signals increased regulatory enforcement and an intent to put companies on notice that they will have an even more complicated risk analysis to conduct when faced with a ransomware attack.”
  • One member said he finds it “very interesting…how OFAC plays a role in this whole process and may create additional hurdles for corporates to face in paying any ransom in the future.”
Justin Jones

Author Justin Jones

More posts by Justin Jones