Sullivan & Cromwell Discusses OFAC Ransomware Advisory Update

On September 21, 2021, the United States Department of the Treasury’s Office of Foreign Assets Control issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which provides additional guidance for companies facing ransomware attacks, or processing ransomware payments, on ways to mitigate the risks of a potential sanctions violation in connection with such payments.  The Updated Advisory incentivizes companies to proactively improve their information security systems and to promptly report ransomware attacks to U.S. government agencies by offering penalty mitigation under OFAC’s enforcement guidelines in the event a sanctions violation is later discovered.  Concurrent with the release … Read more