Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySectorsSecurity Enterprise Services

Paying that ransom request could land you in legal trouble for sanctions violations

By Ginger Faulk
To pay or not to pay? paying ransomware can land your company with U.S. sanctions
December 16, 2020

If your business has been experiencing more phishing, ransomware and malware attacks during the pandemic, you are not alone. Recent data presented by the FBI indicates such cyber attacks and ransom requests are on the rise. Meanwhile these attacks are generating massive revenue for the attackers. Citing recently released FBI data, the US Department of the Treasury, through the Office of Foreign Assets Control (“OFAC”), has placed businesses on notice that payment of ransoms to certain cyber attackers could get a company in trouble under U.S. sanctions laws and regulations for helping to finance sanctioned organizations. Sanctions violations carry significant civil and criminal penalties, as well as reputational and other risks. Therefore this latest warning highlights a new and significant consideration in ransomware incident response.

A recent advisory issued by OFAC recognizes that certain sanctioned governments and cybercrime organizations are behind many of the recent ransomware attacks. The advisory references several different types of ransomware software used or developed by sanctioned persons, including Cryptolocker reportedly developed by sanctioned person Evgeniy Mikhailogich Bogachev; SamSam ransomware, allegedly supported by certain sanctioned Iranians; Wannacry 2.0, linked to Lazarus Group, a sanctioned cybercriminal organization allegedly sponsored by North Korea; and Dridex malware, used by sanctioned Russia-based organization Evil Corp.

OFAC warns that it “has imposed, and will continue to impose, sanctions on these actors and others who materially assist, sponsor, or provide financial, material, or technological support for these activities.” It further states that this is an important enforcement because ransomware payments could fund criminals and adversaries to profit and advance their illicit aims and therefore fund activities adverse to the national security and foreign policy objectives of the United States. OFAC also states that payments may embolden cyber criminals to engage in more attacks and do not guarantee that the victim will regain access to its data.

As a result, ransomware payments benefiting these sanctioned individuals and organizations give rise to sanctions liability for ransomware victims, even if the victim did not know – or even have any basis for knowing – the identity of the attacker. This is because OFAC has the authority to enforce U.S. sanctions regulations on a strict liability basis, meaning that a payment to a sanctioned person is prohibited whether or not the payer was aware of the identity of the payee.  OFAC may exact civil penalties for such actions. 

It is not only the victim that can get in trouble for initiating the payment, but financial institutions, online payment processors, forensic/cyber consultants and cyber insurers are also exposed to the risk of facilitating a payment to a sanctioned person in violation of U.S. sanctions regulations. In fact, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) also issued related guidance alerting banks and payment processors to their role in processing ransomware payments in violation of U.S. sanctions laws.

Even so, there are measures that companies can take both to prevent such violations and to mitigate their enforcement risks in the event of a violation:

  • First, taking steps to prevent ransomware attacks from occurring in the first place is the best defense against extortion by sanctioned parties.
  • Next, companies should acknowledge that, in the event of a ransomware attack, the overriding interest in getting the business back up in operation may cause “red flags” of sanctions risk to be overlooked or disregarded.
  • Therefore, companies are advised to proactively develop procedures in preparation for a ransomware attack that include procedures for conducting sanctions due diligence of the attacker based on available information, including by screening all available information regarding the attackers and their digital identifiers against U.S. sanctions lists and consulting as appropriate with law enforcement.
  • Any compliance program and crisis plan should include a clear commitment from senior management and ensure this sanctions risk is communicated to all relevant employees and understood by senior management.
  • Increased engagement and information sharing between OFAC and the IT community will serve to improve the amount and quality of OFAC information on sanctioned organizations available for screening purposes.

The big questions left unanswered for industry is how a company can ensure compliance with US sanctions when there is very little data on the identity of an attacker and whether a company is expected to place OFAC sanctions paramount to its own survival in the face of an extortive ransomware attempt. The strongest take-away that companies can take from the notice is that, instituting procedures that include evaluating ransomware payments for compliance with sanctions, appropriately informing law enforcement in the event of an attack, and consulting OFAC sanctions lists and liaising with OFAC before making a cyber ransom payment, a potential ransomware victim can reduce its risk of suffering the “double whammy” of paying a ransom to an attacker that then results in a weighty US sanctions enforcement action.

KEYWORDS: cyber attack cyber security cyber threats ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Faulk ginger print

Ginger T. Faulk, partner at Eversheds Sutherland, represents multinational companies in matters involving US government regulation of foreign trade and investment. She has extensive experience advising and representing global companies, counseling clients in matters arising under U.S. sanctions, export controls, import and other national security and foreign policy trade-related regulations.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Unprepared Companies Vulnerable to Ransomware Attacks

    N.Y. Senator Carlucci Introduces Bill That Prohibits Paying Ransom

    See More
  • Compliance when it comes ransomware

    Beware of paying that ransomware threat

    See More
  • ransomware cyber freepik

    80% of executives will consider paying the ransom

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing