Skip Navigation
  • Careers
  • Report a Claim
  • Contact Us
Risk Strategies Logo
  • Industries

    • Agriculture
    • Architects & Engineers
    • Aviation
    • Cannabis
    • Construction
    • Dental
    • Education
    • Entertainment
    • Financial Services
    • Fine Art
    • Healthcare
    • Law Firms
    • Marine & Yacht
    • Nonprofit & Human Services
    • Private Equity
    • Public Sector
    • Real Estate
    • Relocation
    • Transportation
    • Waste & Recycling
    • Wineries
  • Solutions

      • Captives
      • Casualty
      • Cyber
      • Environmental
      • International
      • Management Liability
      • Property
      • Surety
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
      • Financial & Wealth Overview
      • Life Insurance
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting

    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights

    • All Insights
    • Blog
    • Emergency Resource Centers
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company

    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
  • Join Us
    • Careers
    • Mergers & Acquisitions
  • Industries
    • Agriculture
    • Architects & Engineers
    • Aviation
      • Aviation Business Insurance - Manned Risk
      • Non-Owned Aviation
      • Unmanned Aerial System and Drones
    • Cannabis
    • Construction
      • Alternative Solutions
      • Financing & Pre-Construction
      • Insurance Solutions
      • Risk Management
      • Surety
    • Dental
      • Insurance for Dental Professionals
      • Dental Malpractice Insurance
      • BOP Insurance - Dental Practices & DSOs
      • Dental School Graduates
      • Dental Associates & Hygienists
      • Dental Practice Owners
      • Dental Service Organizations (DSOs)
    • Education
      • Employee Benefits for Education
      • Property, Casualty & Liability for Education
      • Student Health & Wellness
        • Student Health Brokerage and Consulting
        • Student Health Plan Administration
        • Student Health Insurance Plans
        • Solutions for Student Athletes
        • Student Health & Wellness Tools
        • Special Risk Insurance
    • Entertainment
      • Film & Television
      • Advertising Production Wrap Ups
      • Advertising/PR
      • Event Cancellation & Non-Appearance
      • Music & Touring
      • Theatrical Production & Live Performance 
      • Venue Insurance
    • Financial Services
      • Asset Managers
      • Banks & Non-Bank Lending
      • Collections
      • Consumer Financial Services
      • Financial Tech
      • Insurance Companies
    • Fine Art
      • Artists
      • Artist Endowed Foundations
      • Auction Houses
      • Fine Art Packers / Shippers / Warehouses
      • Galleries
      • Museums
      • Private Art Dealers / Advisors
      • Private Collectors
    • Healthcare
      • Employee Benefits - Healthcare
      • Managed Care / Stop Loss
      • Medical Malpractice
      • Property & Casualty - Healthcare
      • Reinsurance
    • Law Firms
    • Marine & Yacht
      • Boat & Yacht For Individuals
      • Commercial & Recreational Marine Businesses
        • Marine Businesses
        • Sailing Organizations - Burgee Program
      • Jackline Insurance Solutions for Cruisers
      • Mega Yachts
      • One-Design Insurance Program
      • Crew Medical Insurance
      • Sailors Health Insurance Program
      • US Sailing Insurance Solutions
    • Nonprofit & Human Services
    • Private Equity
      • Crypto Companies
    • Public Sector
      • Public Safety Organizations & Municipalities
    • Real Estate
      • Commercial
      • Community Associations
      • Hospitality
      • Residential / Habitational
      • REITs
      • Retail
      • Specialty Programs
    • Relocation
      • Domestic Household Goods
      • Expat Renters & Living Insurance
      • Relocation Claims Service
      • International Household Goods
      • Supplemental Movers Coverage
      • Temporary Living Insurance
      • Vacant Home
    • Transportation
      • Business Auto Insurance
      • Last Mile Delivery
      • While Under Dispatch Insurance
      • Forwarding & Brokering
      • Workers' Compensation
    • Waste & Recycling
    • Wineries
  • Solutions
    • Commercial Insurance
      • Captives
      • Casualty
        • Analytics
        • Auto Liability & Physical Damage
        • Captives & Alternative Risk Financing
        • Claims Advocacy & Loss Control
        • Excess Liability
        • General Liability
        • Product Recall
        • Workers' Compensation
      • Cyber
        • Cyber Resolute
        • Cyber Risk Assessment and Analytics
        • Cyber Risk Response & Claims Advocacy
        • Cyber Insurance - Family Office
        • Cyber Insurance - Individuals
      • Environmental
        • Contractors Pollution Liability
        • Environmental Excess
        • Environmental Liability Transfer
        • Environmental Liability - Healthcare
        • Environmental Liability - Higher Education
        • Pollution Legal Liability
        • Environmental Liability - Private Equity
        • Professional Environmental Liability Insurance
        • Real Estate Development
        • Remediation Cost Cap
        • Secured Creditor Protection for Lenders
        • Underground Storage Tanks
      • International
      • Management Liability
        • Management Liability - Entertainment
        • Management Liability - Financial Institutions
        • Management Liability - Healthcare
        • Management Liability - Real Estate
      • Property
        • Builder's Risk
        • Property Claims Services
        • Inland Transit and Ocean Cargo
        • Natural Hazard Catastrophe Modeling
        • Political Violence and Terrorism
        • Property Damage & Business Interruptions Valuations
        • Property Loss Prevention and Control
      • Surety
    • Employee Benefits
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
    • Financial & Wealth
      • Financial & Wealth Overview
      • Life Insurance
    • Private Client Services
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
    • Risk Management Services
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting
    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights
    • All Insights
    • Blog
    • Emergency Resource Centers
      • Cybersecurity
      • Earthquake
      • Hurricane
      • Pandemic
      • Riot & Civil Unrest
      • Severe Storms
      • Violence & Active Shooter
      • Wildfire
      • Winter Weather
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company
    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
      • BeHEARD Series
      • DE&I Structure
      • Employee Resource Groups
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
      • General Terms of Business
      • Conflict of Interest Policy
      • Compensation Disclosure
      • Enterprise Risk Management
  • Join Us
    • Careers
      • Benefits & Wellness
      • Investing in Growth & Leadership
      • Life at Risk Strategies
      • Next Steps
    • Mergers & Acquisitions
      • Partnership Benefits
      • Why Join Us?
      • Onboarding & Integration
  • Careers
  • Report a Claim
  • Contact Us

You are about to leave Risk Strategies website and view the content of an external website.

You are leaving risk-strategies.com

By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.

OK
  • News and Insights
  • Blog
Subscribe

Subscribe via Email

  • News and Insights
  • Blog
October 22, 2020

Ransomware Sanctions

Cyber
3 min read
Rob Rosenzweig
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email
Ransomware Sanctions
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email

The Office of Foreign Assets Control (OFAC) has issued an advisory for businesses who may find themselves victims of ransomware attacks. The advisory warns that making payments to cyber criminals could violate anti-money laundering sanctions. It also applies to incident response and insurance companies that help facilitate ransomware payments.

The sudden announcement from the U.S. Treasury department has alarmed some businesses who are now left wondering if they will face penalties for paying ransom demands and whether Cyber insurance is still viable. In truth, nothing has fundamentally changed. This advisory simply reiterates what we already knew.

Longstanding Regulations

OFAC maintains a Specially Designated Nationals and Blocked Persons List, and any person or institution in the U.S. that does business with someone on that list, knowingly or unknowingly, may face civil liability. These regulations, however, have been in place for some time.

OFAC likely issued the advisory in response to the dramatic increase in ransomware attacks this past year, which went up by 50% worldwide in just the past three months, according to research conducted by Check Point Software Technologies Ltd. In light of these concerning numbers, OFAC is simply urging businesses to make sure they are in compliance with federal regulations if and when they decide to make ransom payments, to ensure they are not paying criminals on the Blocked Persons List. The U.S. government is well aware of the complications of ransomware attacks, and of the costs involved for businesses. All businesses are urged to follow federal guidance and report any attack to the authorities.

What the Advisory Means for You

In order to make ransom payments that are in compliance with U.S. law, businesses – and the firms and insurers that facilitate ransom payments – need to reference lists maintained by OFAC and immediately report the event.

Businesses need to make sure they are doing their due diligence in the wake of a ransomware attack. Utilizing Cyber insurance and the reputable law firms and forensic incident response vendors provided by insurers is the easiest way to do this. These vendors will coordinate reporting to law enforcement and ensure cooperation with any steps they are instructed to take by federal authorities. Being able to demonstrate this timely compliance may be the most important factor OFAC considers.

Furthermore, the forensic vendors understand the process and are required to abide by their own compliance measures and can provide a report of their efforts. They should demonstrate that they performed automated and manual searches of publicly available threat intelligence for sanctions, including the Blocked Persons List on the OFAC website, and the consolidated lists of sanctions from the European Union and the United Nations Security Council.

OFAC can still choose to pursue sanctions even after weighing these mitigating factors, but doing this thorough due diligence will help businesses make a strong case for themselves by demonstrating their intent to follow the law.

Future OFAC Actions

Will OFAC decide to increase scrutiny of ransomware payments, or prevent businesses from making them altogether? That doesn’t appear to be the case. OFAC is opposed in principal to making ransomware payments, believing that it encourages cyber criminals to conduct more attacks and does not guarantee future protection. However, it also recognizes that some businesses will have to pay to avoid huge business interruption costs. Other federal entities such as the FBI are willing to focus more on disrupting cyber threats than enforcing OFAC rules.

For all intents and purposes, this advisory was simply a timely reminder to make sure that businesses and their vendors are reporting attacks and following federal guidance. And during a time when we are facing unprecedented spikes in ransomware attacks, making sure that we are doing our due diligence to protect ourselves and clients from risk is something we should all be doing in any case.

Want to learn more?

Find me on LinkedIn, here.

Connect with the Risk Strategies Cyber Risk team at cyber@risk-strategies.com.

Email me directly at rrosenzweig@risk-strategies.com.

The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client. 

Related Posts

See all posts

Transportation Cyber
4 min read
May 14, 2025

How Cybercrime is Hijacking the Supply Chain: Cargo Theft, Fraud, and Insurance Gaps

Cyber risk is no longer just the IT department's problem in today's fast-moving transportation …
Read article
Cyber Risk
5 min read
April 02, 2025

The Future of Risk: Cyber Threats Affecting Businesses in 2025

Editor’s note: The way businesses approach risk is undergoing a fundamental shift. This article is …
Read article
Cyber
5 min read
March 26, 2025

Understanding the 23andMe Data Breach and Ensuring Cybersecurity

- UPDATE - From breach to bankruptcy: 23andMe’s data fallout continues Little more than 18 months …
Read article
Risk Strategies Logo
  • Report a Claim
  • Contact
  • Terms of Use
  • Cookie Policy
  • Privacy Policy
  • Consumer Health Data Privacy Notice
  • Accessibility
  • Health Plan Transparency Compliance
  • Accessibility
  • Cookie Policy
  • Health Plan Transparency Disclosure
  • Privacy Policy
  • Terms of Use
©2025 Risk Strategies. All rights reserved.

Connect with Us

  • LinkedIn
  • X
  • Instagram
  • Facebook