The US government has issued new ransomware guidance, as well as an advisory alerting security companies who assist victims of ransomware attacks by facilitating payments to designated cyber criminals attackers that they face potential sanctions risks under American law.
The advisory – which can be read in full here – was issued by the Department of the Treasury’s Office of Foreign Assets Control (OFAC), contains a stark warning that financial institutions, cyber security insurance firms and companies involved in digital forensics and incident response risk violating OFAC regulations if they are found to have assisted in making a payment.