New OFSI guidance: Ransomware and Sanctions
Making ransomware payments to an individual or entity subject to an asset freeze is a breach of sanctions and punishable by law, the United Kingdom’s Office of Foreign Sanctions Implementation (‘OFSI’) warns in its new ‘Guidance on Ransomware and Financial Sanctions.’
Published 13 February, it covers information on cyber sanctions legislation, sectoral sanctions risk and licensing.
According to the guidance: ‘HMG has and will take strong action against ransomware threat actors, including the use of financial sanctions. Financial sanctions prohibit making funds or economic resources available to an individual or entity subject to an asset freeze, including through a ransomware payment.
‘Breaches of financial sanctions are a serious criminal offence and can carry a custodial sentence and/or the imposition of a monetary penalty.
‘If the mitigating steps outlined in this guidance are taken, OFSI and the National Crime Agency (NCA) would be more likely to resolve a breach case involving a ransomware payment through means other than a monetary penalty or a criminal investigation.’
