by Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer, and Sarah Q. Smith
This is Part I of a two-part post. For Part II, click here.
On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an updated advisory (PDF: 252 KB) (the “Advisory”) on sanctions risks associated with payments to threat actors in connection with cyber ransoms. The Advisory reminds companies that all parties associated with the payment of a cyber ransom—including victims, financial institutions, insurance firms and other companies facilitating payment—are responsible for ensuring that they do not violate U.S. law and can be subject to an OFAC enforcement action if they do.