OFAC Updates Ransomware Advisory: New Guidance Incentivizes Reporting, Defensive Cybersecurity Measures for Companies Facing Ransomware Attacks

Sullivan & Cromwell LLP - September 23, 2021
Read More

On September 21, 2021, the United States Department of the Treasury’s Office of Foreign Assets Control issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which provides additional guidance for companies facing ransomware attacks, or processing ransomware payments, on ways to mitigate the risks of a potential sanctions violation in connection with such payments. The Updated Advisory incentivizes companies to proactively improve their information security systems and to promptly report ransomware attacks to U.S. government agencies by offering penalty mitigation under OFAC’s enforcement guidelines in the event a sanctions violation is later discovered. Concurrent with the release of the Updated Advisory, OFAC issued the first designation of a virtual currency exchange under Executive Order 13694 for providing material support to the threat posed by criminal ransomware actors.

Subscribe to our Memos