Policy
Share this article

OFAC Warns That Firms Helping Victims With Ransomware Payouts Risk Violating Its Rules

If you assist a ransomware victim in paying out to cyber attackers, you could end up facing civil penalties, OFAC says.

By Daniel Palmer
Updated Sep 14, 2021, 10:04 a.m. Published Oct 5, 2020, 12:34 p.m.
U.S. Department of the Treasury
U.S. Department of the Treasury

The Office of Foreign Assets Control (OFAC) has warned that paying out to recover from ransomware attacks can be a breach of its rules.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the State of Crypto Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

  • In an advisory issued Friday, OFAC – a wing of the U.S. Department of the Treasury – said there's a sanctions risk with complying with such demands, which have increased since the start of the coronavirus pandemic.
  • The Office specifically pointed to companies that facilitate negotiations with cyber attackers regarding ransomware payouts.
  • Firms including financial institutions, insurance firms and others working in digital forensics, "not only encourage future ransomware payments demands but also may risk violating OFAC regulations," it said.
  • Ransomware is malicious software that propagates across computer networks and will lock up systems using encryption.
  • In order to receive a key to unlock their files and infrastructure, victims normally need to pay out a ransom in cryptocurrency.
  • OFAC cites data from the Federal Bureau of Investigation indicating ransomware demands rose by 37% in from 2018 to 2019, while the level of losses to such attacks rose 147% over the same period.
  • With OFAC responsible for issuing economic and trade sanctions against foreign nations or entities considered to infringe the U.S.'s foreign and security policies, it said that paying ransoms to those on its Specially Designated Nationals And Blocked Persons List could result in fines.
  • Civil penalties can be applied even if the payer did not know the recipient was on the list, the Office warned.
  • Such a situation may be mitigated if the entity facing a ransom demand submits a "timely and complete" report on the attack to law enforcement. Victims should also reach out to OFAC, according to the advisory.
  • The warning came the same day the U.S. Financial Crimes Enforcement Network (FinCEN) issued its own advisory on ransomware, stressing that governmental entities and financial, educational and health care institutions have been seeing more of these attacks.

Also read: Over $1M in Ryuk Ransomware Bitcoin Was ‘Cashed Out’ on Binance: Report

RansomwareRegulationOFACCoinFlash

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

State of Crypto: Wrapping Up the Month

By Nikhilesh De
16 hours ago
U.S. Congress (Jesse Hamilton/CoinDesk)

Congress continues to make progress on crypto issues but things are moving slowly.

Read full story