Ransomware attacks have become more sophisticated and widespread, affecting almost everyone from large corporations, small and medium-sized businesses, government agencies, non-profit organizations, hospital systems to individual consumers. Once a computer network or system is infected by ransomware, cybercriminals encrypt the victim’s files and demand a ransom in exchange for a decryption key. Victims often have no choice but to pay ransomware ransoms to regain access to their files. Is it legal to pay ransomware ransoms to hackers?
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently issued an advisory regarding ransomware payments. There has been very little mention or analysis of the ‘Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” This is surprising since the document questions the legality of paying ransomware ransoms.
According to the advisory, there are “sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.”
