On November 28, OFAC took action against two Iranian individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, for their alleged role facilitating payment to Iranian cyber hackers involved in the multi-year SamSam ransomware attacks. More specifically, Khorashadizadeh and Ghorbaniyan are alleged to have helped exchange digital currency (bitcoin) ransom payments generated by the scheme into Iranian rial. OFAC stated that the pair converted millions of US dollars' worth of digital currency into fiat payments to the hackers by processing the payments through two digital currency addresses, which OFAC also identified. The action marked the first time that OFAC has publically attributed digital currency addresses to designated individuals.

In announcing the action, OFAC emphasized that "[r]egardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same." OFAC also published updated guidance pertaining to compliance requirements for digital currencies, including instructions for blocking digital currency belonging to SDNs.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.