Paying Ransomware Demands Can Create Risk of Violating OFAC Sanctions

Weiner Brodsky Kider PC

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued new guidance regarding how paying ransoms due to ransomware attacks can potentially violate OFAC sanctions.

Ransomware is a type of malicious software which generally blocks access to computer systems and data by encrypting the information so that it is not accessible to the authorized users, and may also involve threats to publicly disclose sensitive or confidential information.  The victims are generally required to make a ransom payment in order to decrypt the files so that they may regain access and avoid public disclosure.  Ransomware attacks have increased significantly over the last few years, and are now often targeted at small- and medium-sized businesses, local government agencies, hospitals, school districts, and other entities which may not have the resources to implement comprehensive cybersecurity.

OFAC administers and enforces the United States’ economic and trade sanction programs, and has imposed sanctions on persons and entities engaged in ransomware attacks.  Payment of ransomware demands to these persons and entities can potentially violate OFAC sanctions.

OFAC recommends that companies and entities who may be targeted or who may be directly or indirectly involved in responding to these attacks (e.g., cyber insurers, digital forensics and incident responders, financial services companies) implement risk-based compliance programs to mitigate exposure to sanctions-related violations.  In particular, the sanctions compliance programs of these companies should account for the risk that a ransomware payment may involve an individual or entity on OFAC’s Specially Designated Nationals and Blocked Persons List, or a comprehensively embargoed jurisdiction. OFAC also recommends immediately reporting ransomware attacks to law enforcement and cooperating fully with law enforcement both during and after a ransomware attack, as these may be mitigating factors in case of a possible violation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising
