OFAC Warns Americans Against Facilitating Ransomware Payments

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently issued an advisory highlighting the sanctions risk American citizens face if they help facilitate ransomware payments. In the advisory, the OFAC says it will “continue to impose sanctions on those who materially assist, sponsor, or provide financial, material, or technological support for these activities.”

In the document, the OFAC argues that acceding to ransomware demands–which are normally settled using cryptocurrencies–not only emboldens cybercriminals but also threatens the national security and foreign policy objectives of the United States. Instead, the OFAC “encourages victims and those involved with addressing ransomware attacks to contact OFAC immediately if they believe a request for a ransomware payment may involve a sanctions nexus.”

Detailing the gravity of such offences, the advisory says the OFAC “may impose civil penalties for sanctions violations based on strict liability.” This means that any person that is subject to U.S. jurisdiction “may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws.”

Still, the document provides links to resources that Americans can use to determine if their activities amount to a violation of laws. For instance, OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding the office’s enforcement of U.S. economic sanctions. The guidelines also “include the factors that OFAC generally considers when determining an appropriate response to an apparent violation.”

Meanwhile, the OFAC says it wants “financial institutions and other companies to implement a risk-based compliance program to mitigate exposure to sanctions-related violations.” According to the US sanctions enforcement office, this “applies to companies that engage with victims of ransomware attacks.”


Read More