Regulatory Update: OFAC Risk Advisory – The Facilitation of Ransomware Payments Risk Violating OFAC Regulations

Written By Brandon Klerk

“Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments

Date: October 1, 2020

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing this
advisory to highlight the sanctions risks associated with ransomware payments related to
malicious cyber-enabled activities. Demand for ransomware payments has increased during the
COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue
conducting business. Companies that facilitate ransomware payments to cyber actors on behalf
of victims, including financial institutions, cyber insurance firms, and companies involved in
digital forensics and incident response, not only encourage future ransomware payment demands
but also may risk violating OFAC regulations. This advisory describes these sanctions risks and
provides information for contacting relevant U.S. government agencies, including OFAC, if
there is a reason to believe the cyber actor demanding ransomware payment may be sanctioned
or otherwise have a sanctions nexus.”

Read more here: https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf

Brandon Klerk https://www.halyardcompliance.com
Previous

Regulatory Update: SEC Amendments to Regulation CF, Reg D, Reg A and more are APPROVED!
Next

Compliance News: SEC Issues Risk Alert – Cybersecurity and “Credential Stuffing”