OFAC Warns That Firms Helping Victims With Ransomware Payouts Risk Violating Its Rules

If you assist a ransomware victim in paying out to cyber attackers, you could end up facing civil penalties, OFAC says.

AccessTimeIconOct 5, 2020 at 12:34 p.m. UTC
Updated Sep 14, 2021 at 10:04 a.m. UTC
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

The Office of Foreign Assets Control (OFAC) has warned that paying out to recover from ransomware attacks can be a breach of its rules.

  • In an advisory issued Friday, OFAC – a wing of the U.S. Department of the Treasury – said there's a sanctions risk with complying with such demands, which have increased since the start of the coronavirus pandemic.
  • The Office specifically pointed to companies that facilitate negotiations with cyber attackers regarding ransomware payouts.
  • Firms including financial institutions, insurance firms and others working in digital forensics, "not only encourage future ransomware payments demands but also may risk violating OFAC regulations," it said.
  • Ransomware is malicious software that propagates across computer networks and will lock up systems using encryption.
  • In order to receive a key to unlock their files and infrastructure, victims normally need to pay out a ransom in cryptocurrency.
  • OFAC cites data from the Federal Bureau of Investigation indicating ransomware demands rose by 37% in from 2018 to 2019, while the level of losses to such attacks rose 147% over the same period.
  • With OFAC responsible for issuing economic and trade sanctions against foreign nations or entities considered to infringe the U.S.'s foreign and security policies, it said that paying ransoms to those on its Specially Designated Nationals And Blocked Persons List could result in fines.
  • Civil penalties can be applied even if the payer did not know the recipient was on the list, the Office warned.
  • Such a situation may be mitigated if the entity facing a ransom demand submits a "timely and complete" report on the attack to law enforcement. Victims should also reach out to OFAC, according to the advisory.
  • The warning came the same day the U.S. Financial Crimes Enforcement Network (FinCEN) issued its own advisory on ransomware, stressing that governmental entities and financial, educational and health care institutions have been seeing more of these attacks.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.