This step-by-step guide highlights exactly when sanctions compliance requirements are triggered during a ransomware attack. Ensuring that ransom payments are not directed to sanctioned actors, like REvil, enables incident response firms to avoid sanctions violations and cyber insurance providers to respond to claims.

In October 2021, the US Treasury's sanctions authority, the Office of Foreign Assets Control (OFAC), issued sanctions compliance guidance for the cryptocurrency industry. Castellum.AI has helped its users meet or exceed the specific steps mentioned in the guidance document recommendations since January 2021.