top of page

US Treasury's OFAC Adopts Collaborative Approach to Ransomware Incidents: A Paradigm Shift in Cybersecurity Enforcement

In a surprising departure from its traditional role as a strict enforcer of sanctions, the US Treasury Department's Office of Foreign Assets Control (OFAC) is signaling a more collaborative stance, aiming to assist companies grappling with the aftermath of ransomware attacks. Kristen Berg, the senior compliance officer at OFAC, highlighted the agency's commitment to providing guidance and support, moving away from a confrontational approach that has been its hallmark.

US Treasury's OFAC Adopts Collaborative Approach to Ransomware Incidents: A Paradigm Shift in Cybersecurity Enforcement

OFAC's Ransomware Advisory and Changing Dynamics

OFAC, renowned for its stringent sanctions enforcement, had released a ransomware advisory in September 2021, outlining the associated risks linked to ransom payments. The agency strictly prohibits US individuals and companies from engaging in transactions with sanctioned entities, including making ransom payments. The shifting dynamics of cyber threats and the surge in ransomware incidents seem to have prompted OFAC to reassess its approach and take on a more collaborative role.

Encouraging Proactive Cybersecurity Measures

Berg outlined OFAC's primary objective as encouraging companies to proactively implement robust cybersecurity measures to prevent falling victim to ransom attacks. The emphasis is on prevention, urging companies to stay vigilant and update their cybersecurity defenses regularly. The collaborative approach involves a shared responsibility between the government and the private sector to enhance overall cybersecurity resilience.

Prompt Reporting and Mitigating Penalties

Berg urged companies to promptly report ransomware incidents to OFAC, even in cases where the involvement of sanctioned entities is uncertain or if a ransom has already been paid. This reporting, far from being punitive, is positioned as a cooperative effort. Moreover, reporting incidents, even those involving ransom payments, can be considered a mitigating factor in penalty calculations. OFAC's willingness to consider cooperation as a positive aspect reflects a more nuanced and collaborative strategy.


Gathering Threat Intelligence for Enhanced Prevention

To determine if a sanctioned entity is linked to a ransomware attack, Berg recommended checking OFAC's sanctions lists, covering various regions, including Russia and North Korea. The agency is keen on gathering information about threat actors involved in ransom attacks to enhance its ability to track and prevent such incidents. This intelligence-sharing initiative highlights the collaborative nature of the new approach.

Candor in Reporting and Discretion in Enforcement

Berg stressed the importance of companies providing details about threat actors, even in cases where a ransom has been paid. This emphasis on transparency and candor in reporting showcases OFAC's intention to understand the intricacies faced by companies dealing with the aftermath of cyber threats. The agency aims to exercise discretion, issuing cautionary letters instead of fines in certain situations, indicating a commitment to understanding the complexities faced by affected entities.

A Shift Towards Collaborative Cybersecurity

This unexpected move by OFAC signifies a shift toward a more collaborative and supportive role in addressing the growing threat landscape posed by ransomware attacks. The agency's willingness to extend a helping hand to affected companies reflects a broader recognition of the evolving nature of cybersecurity challenges and the need for collective efforts to combat cyber threats.


In summary, OFAC's move suggests a nuanced approach to cybersecurity challenges, acknowledging the need for cooperation and assistance rather than focusing solely on enforcement measures. This cooperative stance underscores the recognition of the evolving cyber threat landscape and the importance of a collective response to safeguard against such challenges. OFAC's transition from a strict enforcer to a collaborative partner in cybersecurity marks a paradigm shift in how government agencies approach and respond to the dynamic and complex nature of cyber threats.



bottom of page