A guide for boards and companies facing ransomware demands
Oct 25, 2021
On September 21, 2021, the U.S. Department of the Treasury announced a set of actions designed to counter ransomware, principally by discouraging ransomware payments. The Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC”) for the first time designated a virtual currency exchange for facilitating financial transactions for ransomware actors. OFAC also issued an updated advisory about ransomware that, among other things, emphasized that the U.S. government continues to strongly discourage ransomware payments and strongly encourage reporting to and cooperating with government agencies in the event of an attack.
Though the Department of the Treasury’s actions do not prohibit victim companies from paying ransoms, they add another layer of complexity for victim companies deciding whether to pay. Paying a ransom carries short-term and long-term consequences, carries legal and regulatory risk, as highlighted by the Department of the Treasury’s recent actions, and could shape the outlook and reputation of a company for years to come.
Review the guide on Milbank General Counsel's website.