The Cipher Brief
John Carlin was featured in The Cipher Brief’s coverage of the Office of Foreign Assets Control’s (OFAC) advisory reminding businesses that if they pay ransom to cyber hackers, they could be violating OFAC regulations.
“I think it’s good that there was guidance put out,” John said. “There have been a lot of questions and confusion around this. Companies want to do the right thing and getting clarity on what steps they’re supposed to take is a positive. In terms of enforcement, it’s a strict liability regime, but I hope the guidance is consistent with the goal to not re-victimize victims: if you follow the guidance and cooperate fully and openly with law enforcement early in an investigation and seek to use a vendor to make a payment, we’re not going to spend our time going after you, a victim who has followed the correct steps.”
Read the full article (subscription required).