← Back to all briefings
Policy 5 min read Published Updated Credibility 40/100

Policy Briefing — OFAC issues advisory on ransomware payments and sanctions risk

The U.S. Treasury’s OFAC published an advisory on 1 October 2020 warning that facilitating ransomware payments to sanctioned actors could trigger civil penalties and urging stronger prevention and reporting practices.

Zeph Tech Research Lead

Research lead, Zeph Tech

Single-point timeline showing the publication date sized by credibility score.
Publication date and credibility emphasis for this briefing. Source data (JSON)

On 1 October 2020 the Office of Foreign Assets Control released an advisory cautioning financial institutions, cyber insurers, incident responders, and forensics firms that paying or routing ransomware proceeds to sanctioned entities may violate U.S. law. OFAC encouraged organizations to implement robust cybersecurity, promptly report incidents to law enforcement, and consider sanctions risks before engaging facilitators.

Risk and legal teams should integrate sanctions screening into ransomware playbooks, coordinate with counsel on payment decisions, and reinforce technical controls that reduce the likelihood of needing to negotiate with threat actors.

Single-point timeline showing the publication date sized by credibility score.
Publication date and credibility emphasis for this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • ransomware
  • sanctions
  • OFAC
  • incident response
Back to curated briefings