In a recently unsealed grand jury indictment against a pair of Iranian hackers, we've learned that in addition to being identified by name, the two have also been identified by their specific cryptocurrency wallet addresses.
Here's why that matters:
OFAC (the Treasury Department's Office of Foreign Assets Control) has added both hackers to the Specially Designated Nationals and Blocked Persons List. That means US citizens and businesses are forbidden to do business with them or conduct transactions of any kind with them, including sending ransom payments to their cryptocurrency addresses.
Since federal investigators are now monitoring those wallets, any ransom payment sent to them could easily be traced back to the person who sent the funds. If that happens, the sender would be subject to secondary sanctions and fines that would far exceed whatever the original ransom amount might have been.
Needless to say, this complicates things a great deal for companies hit by ransomware, and it makes it all the more important to have a strategy in place to recover your files if you are successfully attacked in this manner.
Failure to do so could be ruinously expensive. On top of the system downtime (which will cause your company to bleed red ink) and the funds lost paying the ransom, you now have to worry about the federal government as well. Not good.