Thank you for sharing!

Your article was successfully shared with the contacts you provided.
RansomwareIn October 2020, the Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments” (the Advisory), putting into writing guidance to reinforce the prohibition of ransom payments by ransomware attack victims to not only the defined class of Specially Designated Nationals (SDNs) targeted under Treasury’s Cyber Sanctions Program—but also to a broad class of any entities with a “sanctions nexus” to SDNs. The Advisory, however, does not contain any insight into just what constitutes a “sanctions nexus” in the unique context of Treasury’s Cyber Sanctions Program. Nevertheless, the Advisory memorializes OFAC’s ability to impose strict liability on any company that makes the difficult decision to pay a ransom to protect its reputation, business secrets, personal data, and value for shareholders. What is more, the Advisory also specifically warns the ransom negotiators, insurers, and financial institutions that assist victims who make the difficult decision to pay that they, too, may be liable for facilitating a ransom payment with the undefined “sanctions nexus.”

There are plenty of good reasons not to pay a ransom, not least of which is the lack of any guaranty that a threat actor will simply disappear, never to return. But in many instances, without paying, management will be unable to run its business or deliver its goods and services. The decision not to pay can be devastating. For example, when a SamSam attack hit the City of Atlanta in March 2018 (an incident referenced in the Advisory), the City elected not to pay the $51,000 demanded for decryption. The result was an inability to work around the encryption and a cost of $17 million to rebuild its network.

Ignoring such real world consequences, the Advisory’s reminder that OFAC imposes strict liability for payments to those with an undefined “sanctions nexus” coupled with the unique inability to identify all prohibited individuals and the digital currency accounts they use to receive a ransom leaves ransomware victims, who desperately need the comfort of certainty after an attack, with no comfort at all.

Want to continue reading?
Become a Free ALM Digital Reader.

Benefits of a Digital Membership:

  • Free access to 1 article* every 30 days
  • Access to the entire ALM network of websites
  • Unlimited access to the ALM suite of newsletters
  • Build custom alerts on any search topic of your choosing
  • Search by a wide range of topics

*May exclude premium content
Already have an account?


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.