On September 21, 2021, the US Department of the Treasury’s Office of Foreign Asset Control (OFAC) issued an updated advisory on the sanctions risks of facilitating ransomware payments.  OFAC issued a prior version of its advisory on October 1, 2020. In the months since, attacks have continued and target entities in the United States, including many in sensitive industries, generating increased concern over the scale of the problem. OFAC’s updated advisory is part of the Biden administration’s ongoing efforts to address the national security and economic risks posed by such attacks. The updated advisory emphasizes that OFAC “strongly discourages” victims from making ransom payments and reemphasizes the sanctions risks of doing so, but also seeks to provide victims with greater clarity about the steps that can be taken to reduce the likelihood of a public enforcement response if a company inadvertently makes or facilitates ransom payments that may have a sanctions nexus.

Continue Reading OFAC Issues Revised Ransomware Advisory