Treasury Division points up to date steerage on ransomware funds – Enterprise Insurance
The Treasury Department's Office of Foreign Assets Control on Wednesday issued updated guidance on potential sanctions risk for ransomware payment facilitation and stated that in enforcing its policy it will consider reporting ransomware attacks to government agencies.
The guidelines are essentially the same as OFAC's warning issued last October that the US government is “strongly preventing” all private businesses and citizens from paying ransom or extortion demands.
An added section titled "Working with OFAC and Law Enforcement Agencies" states that another factor that will be considered in its enforcement policy is reporting ransomware attacks to the appropriate government agencies, "including whether or not there is an obvious one Violation of US Sanctions Is Voluntarily Disclosed ".
In these cases, it is “more likely” to issue a “non-public response” such as a “no action” or “cautionary letter”, according to the new guidelines.