Data Dive

President Joe Biden signed into law cyber legislation that requires, among other things, certain companies to report cyberattacks to the federal government within 72 hours, and ransomware payments within 24 hours. This post summarizes the key takeaways for affected companies in order to prepare for the new requirements.

On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an updated sanctions advisory, providing guidance to companies on sanctions compliance obligations related to ransomware payments. The bottom line: cyberattack victims should focus on defense and mitigation measures over a policy of paying out ransoms.¹