By Raphael Satter

Oct 1 (Reuters) - The U.S. Treasury said on Thursday that cybersecurity companies that help facilitate ransomware payments to sanctioned hackers may be in violation of American law, a shift that signals a crackdown on the fast-growing market for consultants hired to help organizations pay off cybercriminals.

In a pair of advisories, the Treasury's Office of Foreign Assets Control and its Financial Crimes Enforcement Network warned that facilitating ransomware payments could be punished if the victims or the facilitators did not know that the hackers demanding the ransom were sanctioned.

The Enforcement Network's advisory also warned that cybersecurity firms may need to register as money services businesses if they help make ransomware payments - a move that would impose a new reporting requirement on a previously little-regulated corner of the cybersecurity industry.

Ransomware - a special class of malicious software that holds computers and network hostage in return for payment - has become an increasingly dangerous threat. Cybercriminals have long used the software to loot their victims and some countries - notably North Korea - are also accused of deploying ransomware to earn cash.

(Reporting by Raphael Satter Editing by Chizu Nomiyama)

