Pub15-2020-2021-Issue5

NEBRASKA BANKERS ASSOCIATION 13 COUNSELOR’S CORNER — continued on page 14 WALENTINE O’TOOLE, LLP When time is of the essence, experience counts. Walentine O’Toole blends confidence, experience and knowledge with the personal attention you can expect from a regional law firm. www.w alentineotoole .com 402.330.6300 11240 Davenport St . • Omaha, NE 68154-0125 While Bitcoin itself is the currency, the currency is moved and tracked using blockchain technology and cryptocur- rency wallets. The blockchain uses wallet addresses to move the money to keep track of the balances of the total amount of cryptocurrency, the balances of each wallet, and the total transactions which take place. Because the blockchain and wallets use anonymous addresses, most users and people believe that the owner of the wallets are anonymous as well. But investigations into the use of the wallets and the addresses associated with the wallets often result in the attri- bution of the wallet to a person in many instances. Bitcoin wallets can be traced on the Dark Web and can be identified through classified sources and methods. Because Bitcoin uses the blockchain to maintain the public ledger, once one transfer can be traced to a Bitcoin wallet and attributed to an individual, then all transfers made to the same wallet can be traced as well. All ransom payments would be able to be tracked and traced using this same method. The OFAC Memorandum The continued rise of seizure of cryptocurrencies from terrorists’ groups and the rise of money movement outside the normal financial channels lead OFAC to issue their memorandum. The memorandum is a five-page explana - tory memo interpreting the sanctions laws and regulations as they apply to ransomware payments. The memo outlines several key points for the application of payments to ransomware: First, ransomware threat actors, wal- let addresses, and email addresses have been added to the OFAC Specified Des - ignated National (SDN) list for the past several years. As the number of ransom- ware attacks have grown and payments have grown, there has been increased intelligence that money has been traced to groups engaged in the types of activi- ties which are subject to bans. OFAC has added names and identifiers for people and addresses involved in attacks such as the Cryptolocker, SamSam, WannaCry, Evil Corp and others. Second, ransomware itself and pay- ments to the threat actors are a threat to national security. Research and intelligence have shown that money is being funneled to and used by terror- ists groups, organized crime, and others acting against the interests of the United States. The payment of the ransom only feeds these activities and emboldens the criminals to conduct more of these attacks. The continued payment of ransoms only ensures the continued criminal activity. Third, facilitating payments may be a violation of OFAC regulations. Facilitation can be any transaction, including transactions by non-US persons that cause a payment, either directly or indirectly, to individuals or organizations on the SDN list may be a violation. In addition, any transaction or act which causes a person to violate the regulations is also prohibited. Fourth, organizations should adopt a risk-based approach to ransomware attacks and account for the possibility that a payment may violate OFAC regula - tions. This advice or guidance is for any company involved in the response to a cyber-attack including cyber insurance companies, digital forensics, and incident response organizations. Knowing the pro- cess to search the SDN list may prevent an