Managing Risk and Compliance in Ransomware Contexts

This guide addresses the management of risk and compliance in relation to ransomware incidents affecting corporations. It outlines the challenges posed by recent guidance from the U.S. Department of the Treasury regarding ransom payments to individuals on the Specially Designated Nationals and Blocked Persons List. The document presents a framework for corporate managers to navigate the complexities of potential ransom payments, emphasizing the importance of proactive measures to avoid such dilemmas. Key topics discussed include recent guidance from OFAC and FinCen relevant to ransomware payments, the role of cryptocurrency in these transactions, and when to report ransomware events to law enforcement. Additionally, it details effective compliance strategies aimed at minimizing risk across various scenarios and highlights the significance of cyber-insurance in risk management. The program is led by experienced professionals in cybercrime and compliance, targeting legal and security professionals responsible for corporate responses to ransomware incidents.