FCC RegUpdate

On May 7, 2024, the Office of Financial Sanctions Implementation (OFSI) published guidance on financial sanctions for ransomware.

Read more: https://www.fcctimes.com/2024/05/07/guidance-on-financial-sanctions-forransomware/?utm_source=LinkedInText&utm_medium=FCCReg21May

Ransom payments harm national security and the economy, leaving networks vulnerable. The UK government urges all victims and those assisting them to report ransomware incidents to Action Fraud, Police Scotland, and the National Cyber Security Centre (NCSC).

To mitigate financial sanctions risks, individuals and entities should implement NCSC’s cyber resilience and due diligence measures.

OFSI provides the following steps to tackle a ransomware attack:

  • Disconnect the infected device from all network connections immediately.
  • Use the cyber incident portal to report the ransomware attack and ransom demand promptly.
  • Implement thorough due diligence to prevent financial sanctions breaches, such as attempting data restoration from backups to avoid payments.
  • Consider compliance with other jurisdictions’ requirements, especially if dealing with individuals, entities, or countries subject to sanctions elsewhere.
  • Report breaches under UK GDPR or the Data Protection Act 2018 to the Information Commissioner’s Office (ICO).
  • Report the incident to the sector regulator if applicable to meet regulatory obligations.
  • Seek independent legal advice when necessary.