OFSI publishes ransomware guidance

OFSI has published financial sanctions guidance for ransomware. The guidance explains that the government uses the financial sanctions regime to target the ransomware threat actors who cause the highest harm to the UK. The guidance covers:

  • cyber sanctions legislation: the UK first introduced cyber sanctions designations in 2019, so that a number of key threat actors are designated such that anyone making funds or economic resources available to them commits a criminal offence. The guidance makes it clear that the UK would never encourage or condone ransomware payments in any event;
  • sectoral sanctions risk: the guidance explains that some broader sanctions regimes may also be relevant, for instance where they restrict any transfers of funds to a jurisdiction; and
  • licensing: while the guidance explains the licensing process, it notes that OFSI is unlikely to grant a licence for ransomware payments.

The guidance explains OFSI’s approach to enforcement and how businesses can mitigate their risks through due diligence and reporting of ransomware incidents.

Emma Radmore