Earlier this month, a major U.S. agency released new guidelines on paying money to sanctioned groups in the event of a ransomware cyberattack. These guidelines mark a meaningful shift in how the U.S. government is looking to apply sanctions to cybersecurity problems. 

On Oct. 1, 2020, the U.S. Office of Foreign Assets Control (OFAC) released the guidelines, which essentially tell cybersecurity and cyber-insurance companies that they could face fines or other penalties for paying ransoms to sanctioned entities.

Ransomware attacks typically involve a perpetrator who deploys malware onto a computer system and blocks access