OFAC sanctions virtual currency exchange and updates ransomware advisory

Written By Brandon Klerk

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing this updated advisory to highlight the sanctions risks associated with ransomware payments in connection with malicious cyber-enabled activities and the proactive steps companies can take to mitigate such risks, including actions that OFAC would consider to be “mitigating factors” in any related enforcement action.

Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business. Companies that facilitate ransomware payments to cyber actors on behalf of victims, including
financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations. The U.S. government strongly discourages all private companies and citizens from paying ransom or extortion demands and recommends focusing on strengthening defensive and resilience measures to prevent and protect against ransomware attacks.

Read more here:

https://home.treasury.gov/system/files/126/ofac_ransomware_advisory.pdf

https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210921

Brandon Klerk https://www.halyardcompliance.com
Previous

Regulatory Update: SEC Observations Regarding Implementation of Reg BI’s Form CRS Disclosures

Next

Regulatory Update: SEC’s First-Ever Enforcement Actions Regarding Duties of Municipal Advisors