Consumer Finance

Department of Treasury Says Paying Off Ransomware May Run the Risk of Sanctions

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory yesterday, alerting companies who engage with victims of ransomware attacks of potential sanctions risks for facilitating ransomware payments.  This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. It identifies U.S. government resources for reporting ransomware attacks and provides information on the factors OFAC generally considers when determining an appropriate enforcement response to an apparent violation, such as the existence, nature, and adequacy of a sanctions compliance program. The advisory also encourages financial institutions and other companies that engage with victims of ransomware attacks to report such attacks to and fully cooperate with law enforcement, as these will be considered significant mitigating factors.


“Ransomware payments benefit illicit actors and can undermine the national security and foreign policy objectives of the United States” and, according to OFAC, ransomware payments may encourage future attacks.  There is a risk that a ransomware payment could include a person or jurisdiction on the OFAC sanctions list and, thus, the advisory states that a ransomware payment could violate applicable OFAC sanctions.


A copy of the bulletin can be found at