├── CNAME
├── README.md
├── aboutme.html
├── data.yml
├── data_yml_update.py
├── favicon.ico
├── index.html
├── isitlegal.png
├── merged-data.geojson
├── script.js
└── styles.css


/CNAME:
--------------------------------------------------------------------------------
1 | isitlegaltopay.com


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Is it legal to pay a ransom #ransomlegality
2 | Can you pay the ransom in your country or state? That's the question I kept asking myself. Then I started making a list, and a couple of months later, I realized I wanted a map and a project with chatGPT. So that's how we got here. I wrote the whole website and scripts using chatGPT. If you see wrong or outdated data, please feel free to do a PR! 
3 | 
4 | 
5 | isitlegaltopay.com 
6 | 


--------------------------------------------------------------------------------
/aboutme.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | <!-- Google tag (gtag.js) -->
  4 | <script async src="https://www.googletagmanager.com/gtag/js?id=G-PQN28R8KZD"></script>
  5 | <script>
  6 |   window.dataLayer = window.dataLayer || [];
  7 |   function gtag(){dataLayer.push(arguments);}
  8 |   gtag('js', new Date());
  9 | 
 10 |   gtag('config', 'G-PQN28R8KZD');
 11 | </script>
 12 | <head>
 13 |     <meta charset="UTF-8">
 14 |     <meta name="viewport" content="width=device-width, initial-scale=1.0">
 15 |   
 16 |     <!-- Google tag (gtag.js) -->
 17 |     <script async src="https://www.googletagmanager.com/gtag/js?id=G-PQN28R8KZD"></script>
 18 |     <script>
 19 |       window.dataLayer = window.dataLayer || [];
 20 |       function gtag(){dataLayer.push(arguments);}
 21 |       gtag('js', new Date());
 22 | 
 23 |       gtag('config', 'G-PQN28R8KZD');
 24 |     </script>
 25 | 
 26 | 
 27 |     <title>About Me</title>
 28 |     <style>
 29 |         /* Setting the vintage terminal look */
 30 |         body {
 31 |             font-family: 'Courier New', Courier, monospace;
 32 |             font-size: 16px;
 33 |             line-height: 1.6;
 34 |             color: #0F0;
 35 |             background-color: #000;
 36 |             margin: 0;
 37 |             padding: 40px;
 38 |             overflow-x: hidden;
 39 |         }
 40 | 
 41 |         section {
 42 |             margin-bottom: 20px;
 43 |         }
 44 | 
 45 |         h2 {
 46 |             background-color: #005500;
 47 |             padding: 5px;
 48 |             margin-top: 30px;
 49 |             margin-bottom: 10px;
 50 |         }
 51 | 
 52 |         a {
 53 |             color: #00FF00;
 54 |             text-decoration: none;
 55 |             border-bottom: 1px dashed #0F0;
 56 |         }
 57 | 
 58 |         a:hover {
 59 |             color: #00AA00;
 60 |         }
 61 |     </style>
 62 | </head>
 63 | 
 64 | <body>
 65 | 
 66 |     <!-- Who I am section -->
 67 |     <section>
 68 |         <h2>Who am I?</h2>
 69 |         <p>
 70 |             Howdy! I've been doing cybersecurity for 20+ years, but recently, ransomware has fascinated me. Part of my job has been doing press interviews, and one question has repeatedly been, "Should victims pay the ransom?". I've never been quite sure; it's very personal with good reasons to pay or NOT pay, but I was never sure if it was legal. Thus, this website was born. Also, I wanted to play with ChatGPT 4.0... which is how all the website was built.
 71 |         </p>
 72 |     </section>
 73 | 
 74 |     <!-- What the point of this page is section -->
 75 |     <section>
 76 |         <h2>The Purpose of This Page</h2>
 77 |         <p>
 78 |             Honestly, I am just trying to visually display all the information I have found regarding the legality of ransomware (or, more accurately, cyber extortion) ransom payments. It's not always perfect, and my ability to read only one language has made this challenging, but hopefully, it will be helpful to you!
 79 |         </p>
 80 |     </section>
 81 | 
 82 |     <!-- How to get a hold of me section -->
 83 |     <section>
 84 |         <h2>Contact Me</h2>
 85 |         <p>
 86 |             If you'd like to get in touch, feel free to hit me up on <a href="https://twitter.com/meansec" target="_blank">Twitter</a> or feel free to be more corporate and find me on <a href="https://linkedin.com/in/meansec" target="_blank">LinkedIn</a>.
 87 |         </p>
 88 |     </section>
 89 | 
 90 |     <!-- When it was last updated section -->
 91 |     <section>
 92 |         <h2>Last Updated</h2>
 93 |         <p>
 94 |             This page was last updated October 2023.
 95 |         </p>
 96 |     </section>
 97 | 
 98 |     <section>
 99 |         <h2>Disclaimer</h2>
100 |         <p>
101 |             The information contained in this website was compiled by the author in their personal capacity; the website represents the views and opinions of the author and does not necessarily represent the views or opinions of Splunk Inc. or its subsidiaries or affiliates (collectively “Splunk”).
102 | 
103 |         </p>
104 |     </section>
105 | 
106 | 
107 | 
108 | </body>
109 | 
110 | </html>
111 | 


--------------------------------------------------------------------------------
/data.yml:
--------------------------------------------------------------------------------
  1 | AUS:
  2 |   citation1: https://www.cyber.gov.au/report-and-recover/recover-from/ransomware
  3 |   citation2: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6730
  4 |   color: orange
  5 |   info: As of today it is not illegal to pay ransom in Australia but it is highly
  6 |     discouraged. However, there is legislation in progress (Ransomware Payments Bill 2021) to establishe a mandatory requirement for Commonwealth, state or territory entities, corporations and partnerships to report to the Australian Cyber Security Centre ransomware payments paid in response to a ransomware attack.
  7 | Alabama:
  8 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
  9 |   color: yellow
 10 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
 11 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
 12 |     all private companies and citizens from paying ransom or extortion demands and
 13 |     recommends focusing on strengthening defensive and resilience measures to prevent
 14 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
 15 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
 16 |     maybe held civilly liable even if such person did not know or have reason to know
 17 |     that it was engaging in a transaction that was prohibited under sanctions laws
 18 |     and regulations administered by OFAC.
 19 | Alaska:
 20 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
 21 |   color: yellow
 22 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
 23 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
 24 |     all private companies and citizens from paying ransom or extortion demands and
 25 |     recommends focusing on strengthening defensive and resilience measures to prevent
 26 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
 27 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
 28 |     maybe held civilly liable even if such person did not know or have reason to know
 29 |     that it was engaging in a transaction that was prohibited under sanctions laws
 30 |     and regulations administered by OFAC.
 31 | Arizona:
 32 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
 33 |   color: yellow
 34 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
 35 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
 36 |     all private companies and citizens from paying ransom or extortion demands and
 37 |     recommends focusing on strengthening defensive and resilience measures to prevent
 38 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
 39 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
 40 |     maybe held civilly liable even if such person did not know or have reason to know
 41 |     that it was engaging in a transaction that was prohibited under sanctions laws
 42 |     and regulations administered by OFAC.
 43 | Arkansas:
 44 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
 45 |   color: yellow
 46 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
 47 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
 48 |     all private companies and citizens from paying ransom or extortion demands and
 49 |     recommends focusing on strengthening defensive and resilience measures to prevent
 50 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
 51 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
 52 |     maybe held civilly liable even if such person did not know or have reason to know
 53 |     that it was engaging in a transaction that was prohibited under sanctions laws
 54 |     and regulations administered by OFAC.
 55 | CAN:
 56 |   citation1: https://www.mondaq.com/canada/security/1060944/ransomware--privacy-law-sanctions-and-the-pandemic
 57 |   color: green
 58 |   info: While there are financial and ethical considerations at play, paying a ransom
 59 |     to a criminal is, generally speaking, not illegal in Canada. However, it is a
 60 |     crime to give financial aid to designated individuals and organizations that are
 61 |     deemed terrorists or otherwise on applicable sanctions lists or from embargoed
 62 |     countries. Entities considering paying a ransom should conduct due- diligence
 63 |     and contemporaneously document their findings in order to show that they undertook
 64 |     reasonable steps to ascertain the identity of the attackers. Most penalties for
 65 |     violating Canadian sanctions include knowledge qualifiers, so payors should be
 66 |     in a position to demonstrate the steps they took to ensure that a ransom payment
 67 |     did not violate such provisions. In the United States, OFAC released guidance
 68 |     on this issue, and Canadian organizations with ties to the US should be acutely
 69 |     aware of the risks and expectations.
 70 | CHE:
 71 |   citation1: https://www.pwc.ch/en/insights/cybersecurity/ransom-payment.html
 72 |   color: green
 73 |   info: According to the Swiss Criminal Code, paying a ransom is not per se a criminal
 74 |     offense. But it might have legal consequences for other reasons
 75 | California:
 76 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
 77 |   color: yellow
 78 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
 79 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
 80 |     all private companies and citizens from paying ransom or extortion demands and
 81 |     recommends focusing on strengthening defensive and resilience measures to prevent
 82 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
 83 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
 84 |     maybe held civilly liable even if such person did not know or have reason to know
 85 |     that it was engaging in a transaction that was prohibited under sanctions laws
 86 |     and regulations administered by OFAC.
 87 | Colorado:
 88 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
 89 |   color: yellow
 90 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
 91 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
 92 |     all private companies and citizens from paying ransom or extortion demands and
 93 |     recommends focusing on strengthening defensive and resilience measures to prevent
 94 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
 95 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
 96 |     maybe held civilly liable even if such person did not know or have reason to know
 97 |     that it was engaging in a transaction that was prohibited under sanctions laws
 98 |     and regulations administered by OFAC.
 99 | Connecticut:
100 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
101 |   color: yellow
102 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
103 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
104 |     all private companies and citizens from paying ransom or extortion demands and
105 |     recommends focusing on strengthening defensive and resilience measures to prevent
106 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
107 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
108 |     maybe held civilly liable even if such person did not know or have reason to know
109 |     that it was engaging in a transaction that was prohibited under sanctions laws
110 |     and regulations administered by OFAC.
111 | DC:
112 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
113 |   color: yellow
114 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
115 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
116 |     all private companies and citizens from paying ransom or extortion demands and
117 |     recommends focusing on strengthening defensive and resilience measures to prevent
118 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
119 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
120 |     maybe held civilly liable even if such person did not know or have reason to know
121 |     that it was engaging in a transaction that was prohibited under sanctions laws
122 |     and regulations administered by OFAC.
123 | DEU:
124 |   citation1: https://www.cliffordchance.com/content/dam/cliffordchance/briefings/2020/12/Ransomware%20Playbook%20-%20Prevention%20and%20Response.pdf'
125 |   color: green
126 |   info: As in the United States, paying a ransom is not in and of itself a criminal
127 |     offense in Germany. However, the US sanctions regime may also apply to German
128 |     companies and therefore the considerations summarized above should be taken into
129 |     consideration on a case-by-case basis.
130 | Delaware:
131 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
132 |   color: yellow
133 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
134 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
135 |     all private companies and citizens from paying ransom or extortion demands and
136 |     recommends focusing on strengthening defensive and resilience measures to prevent
137 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
138 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
139 |     maybe held civilly liable even if such person did not know or have reason to know
140 |     that it was engaging in a transaction that was prohibited under sanctions laws
141 |     and regulations administered by OFAC.
142 | FRA:
143 |   citation1: https://cms.law/en/fra/news-information/ransomware-attack#:~:text=Under%20French%20law%2C%20no%20legal,designated%20on%20international%20sanction%20lists.
144 |   color: green
145 |   info: Under French law, no legal text formally prohibits the payment of a ransom
146 |     in the event of a ransomware attack. However, although the typology of attackers
147 |     is very diversified and obscure, some attacks can be sponsored by terrorist organisations
148 |     or by individuals designated on international sanction lists. Paying a ransom,
149 |     or helping to pay it, to these groups, therefore, exposes the victim to potential
150 |     criminal and administrative charges for the financing of terrorism or money laundering.
151 |     Article 421-2-2 of the French Criminal Code punishes in particular the financing
152 |     of terrorism, and as such provides that It is also an act of terrorism to finance
153 |     a terrorist enterprise, by providing, collecting or managing any funds, securities
154 |     or property or by giving advice for that purpose, with the intention of seeing
155 |     such funds, securities or property used or with the knowledge that they are intended
156 |     to be used, in whole or in part, for the purpose of committing any of the acts
157 |     of terrorism provided in this chapter, regardless of the possible occurrence of
158 |     such an act. When it comes to money laundering, article 324-1 of the FrenchCriminal
159 |     Code also punishes the fact of facilitating, by any means, the false justification
160 |     of the origin of properties or incomes of the perpetrator of a crime or of an
161 |     offense having given him a direct or indirect profit. Committing these acts is
162 |     liable to up to ten years imprisonment and fines of up to EUR 1,875,000 for companies
163 |     [6]. Companies subject to the anti-money laundering and terrorism financing obligations
164 |     provided for by the Monetary and Financial Code also incur administrative sanctions
165 |     of a maximum amount of EUR 100m or 10% of their turnover [7].
166 | Florida:
167 |   citation1: http://custom.statenet.com/public/resources.cgi?id=ID:bill:FL2022000H7055&ciq=ncsl&client_md=873221c8bbff89a3b5b060ab949b22da&mode=current_text
168 |   citation2: https://www.flsenate.gov/Laws/Statutes/2023/0282.3186#:~:text=The%20Florida%20Senate,-Home&text=282.3186%20Ransomware%20incident%20compliance.,comply%20with%20a%20ransom%20demand.
169 |   color: red
170 |   info: 'A state agency as defined in s. 282.318(2), a county, or a municipality experiencing a ransomware incident may not pay or otherwise comply with. Furthermore Florida, requires state agencies and local governments to report ransomware incidents
171 |     to certain entities within specified timeframes. Requires an annual ransomware
172 |     incident report be submitted to the Governor and the Legislature.'
173 | GBR:
174 |   citation1: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1135587/Ransomware___Sanctions_guidance__Feb_2023_.pdf
175 |   citation2: https://www.cliffordchance.com/content/dam/cliffordchance/briefings/2020/12/Ransomware%20Playbook%20-%20Prevention%20and%20Response.pdf
176 |   color: green
177 |   info: His Majesty’s Government (HMG) does not condone the making of ransomware payments.
178 |     Much as in the United States, there is no blanket ban on ransom payments in the
179 |     United Kingdom, although companies should remain wary of counter-terrorism, anti-
180 |     money laundering and sanction provisions. For instance, under s15(3) and s17 of
181 |     the Terrorism Act 2000, a party will be liable for a ransomware payment if they
182 |     knew or had reasonable cause to suspect that the funds would or may be used for
183 |     the purposes of terrorism
184 | Georgia:
185 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
186 |   color: yellow
187 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
188 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
189 |     all private companies and citizens from paying ransom or extortion demands and
190 |     recommends focusing on strengthening defensive and resilience measures to prevent
191 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
192 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
193 |     maybe held civilly liable even if such person did not know or have reason to know
194 |     that it was engaging in a transaction that was prohibited under sanctions laws
195 |     and regulations administered by OFAC.
196 | Hawaii:
197 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
198 |   color: yellow
199 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
200 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
201 |     all private companies and citizens from paying ransom or extortion demands and
202 |     recommends focusing on strengthening defensive and resilience measures to prevent
203 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
204 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
205 |     maybe held civilly liable even if such person did not know or have reason to know
206 |     that it was engaging in a transaction that was prohibited under sanctions laws
207 |     and regulations administered by OFAC.
208 | Idaho:
209 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
210 |   color: yellow
211 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
212 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
213 |     all private companies and citizens from paying ransom or extortion demands and
214 |     recommends focusing on strengthening defensive and resilience measures to prevent
215 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
216 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
217 |     maybe held civilly liable even if such person did not know or have reason to know
218 |     that it was engaging in a transaction that was prohibited under sanctions laws
219 |     and regulations administered by OFAC.
220 | Illinois:
221 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
222 |   color: yellow
223 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
224 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
225 |     all private companies and citizens from paying ransom or extortion demands and
226 |     recommends focusing on strengthening defensive and resilience measures to prevent
227 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
228 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
229 |     maybe held civilly liable even if such person did not know or have reason to know
230 |     that it was engaging in a transaction that was prohibited under sanctions laws
231 |     and regulations administered by OFAC.
232 | Indiana:
233 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
234 |   color: yellow
235 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
236 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
237 |     all private companies and citizens from paying ransom or extortion demands and
238 |     recommends focusing on strengthening defensive and resilience measures to prevent
239 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
240 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
241 |     maybe held civilly liable even if such person did not know or have reason to know
242 |     that it was engaging in a transaction that was prohibited under sanctions laws
243 |     and regulations administered by OFAC.
244 | Iowa:
245 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
246 |   color: yellow
247 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
248 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
249 |     all private companies and citizens from paying ransom or extortion demands and
250 |     recommends focusing on strengthening defensive and resilience measures to prevent
251 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
252 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
253 |     maybe held civilly liable even if such person did not know or have reason to know
254 |     that it was engaging in a transaction that was prohibited under sanctions laws
255 |     and regulations administered by OFAC.
256 | Kansas:
257 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
258 |   color: yellow
259 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
260 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
261 |     all private companies and citizens from paying ransom or extortion demands and
262 |     recommends focusing on strengthening defensive and resilience measures to prevent
263 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
264 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
265 |     maybe held civilly liable even if such person did not know or have reason to know
266 |     that it was engaging in a transaction that was prohibited under sanctions laws
267 |     and regulations administered by OFAC.
268 | Kentucky:
269 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
270 |   color: yellow
271 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
272 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
273 |     all private companies and citizens from paying ransom or extortion demands and
274 |     recommends focusing on strengthening defensive and resilience measures to prevent
275 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
276 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
277 |     maybe held civilly liable even if such person did not know or have reason to know
278 |     that it was engaging in a transaction that was prohibited under sanctions laws
279 |     and regulations administered by OFAC.
280 | Louisiana:
281 |   citation1: https://www.legis.la.gov/Legis/Law.aspx?d=1187004
282 |   color: purple
283 |   info: Creates a registration system for managed service providers and managed security
284 |     service providers doing business in the state with a public body. Provides access
285 |     for public bodies to obtain information on managed service providers and managed
286 |     security service providers. Requires managed service providers and managed security
287 |     service providers to report to the Louisiana Fusion Center any cyber incidents
288 |     and the payment of cyber ransom or ransomware. Acts 2020, No. 117, §2, eff. Feb.
289 |     1, 2021.
290 | Maine:
291 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
292 |   color: yellow
293 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
294 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
295 |     all private companies and citizens from paying ransom or extortion demands and
296 |     recommends focusing on strengthening defensive and resilience measures to prevent
297 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
298 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
299 |     maybe held civilly liable even if such person did not know or have reason to know
300 |     that it was engaging in a transaction that was prohibited under sanctions laws
301 |     and regulations administered by OFAC.
302 | Maryland:
303 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
304 |   color: yellow
305 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
306 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
307 |     all private companies and citizens from paying ransom or extortion demands and
308 |     recommends focusing on strengthening defensive and resilience measures to prevent
309 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
310 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
311 |     maybe held civilly liable even if such person did not know or have reason to know
312 |     that it was engaging in a transaction that was prohibited under sanctions laws
313 |     and regulations administered by OFAC.
314 | Massachusetts:
315 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
316 |   color: yellow
317 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
318 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
319 |     all private companies and citizens from paying ransom or extortion demands and
320 |     recommends focusing on strengthening defensive and resilience measures to prevent
321 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
322 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
323 |     maybe held civilly liable even if such person did not know or have reason to know
324 |     that it was engaging in a transaction that was prohibited under sanctions laws
325 |     and regulations administered by OFAC.
326 | Michigan:
327 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
328 |   color: yellow
329 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
330 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
331 |     all private companies and citizens from paying ransom or extortion demands and
332 |     recommends focusing on strengthening defensive and resilience measures to prevent
333 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
334 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
335 |     maybe held civilly liable even if such person did not know or have reason to know
336 |     that it was engaging in a transaction that was prohibited under sanctions laws
337 |     and regulations administered by OFAC.
338 | Minnesota:
339 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
340 |   color: yellow
341 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
342 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
343 |     all private companies and citizens from paying ransom or extortion demands and
344 |     recommends focusing on strengthening defensive and resilience measures to prevent
345 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
346 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
347 |     maybe held civilly liable even if such person did not know or have reason to know
348 |     that it was engaging in a transaction that was prohibited under sanctions laws
349 |     and regulations administered by OFAC.
350 | Mississippi:
351 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
352 |   color: yellow
353 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
354 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
355 |     all private companies and citizens from paying ransom or extortion demands and
356 |     recommends focusing on strengthening defensive and resilience measures to prevent
357 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
358 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
359 |     maybe held civilly liable even if such person did not know or have reason to know
360 |     that it was engaging in a transaction that was prohibited under sanctions laws
361 |     and regulations administered by OFAC.
362 | Missouri:
363 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
364 |   color: yellow
365 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
366 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
367 |     all private companies and citizens from paying ransom or extortion demands and
368 |     recommends focusing on strengthening defensive and resilience measures to prevent
369 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
370 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
371 |     maybe held civilly liable even if such person did not know or have reason to know
372 |     that it was engaging in a transaction that was prohibited under sanctions laws
373 |     and regulations administered by OFAC.
374 | Montana:
375 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
376 |   color: yellow
377 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
378 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
379 |     all private companies and citizens from paying ransom or extortion demands and
380 |     recommends focusing on strengthening defensive and resilience measures to prevent
381 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
382 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
383 |     maybe held civilly liable even if such person did not know or have reason to know
384 |     that it was engaging in a transaction that was prohibited under sanctions laws
385 |     and regulations administered by OFAC.
386 | NOR:
387 |   citation1: https://nsm.no/fagomrader/digital-sikkerhet/rad-og-anbefalinger-innenfor-digital-sikkerhet/digital-utpressing/security-measures-against-ransomware-and-other-malware-attacks
388 |   color: green
389 |   info: 'AAlthough we have not been able to find explicit guidance, reading and reviewing
390 |     the  Norwegian National Security Authority gives the impression that although
391 |     they strongly encourage against paying ransoms, it is not technically illegal. '
392 | NZL:
393 |   citation1: https://www.dpmc.govt.nz/our-programmes/national-security/cyber-security-strategy/cyber-ransom-advice
394 |   color: yellow
395 |   info: The New Zealand Government strongly discourages the payment of ransoms to
396 |     cybercriminals, and urges all victims to report any cyber ransom incidents to
397 |     the relevant agencies, regardless of whether a ransom is paid. Cabinet has agreed
398 |     that government agencies do not pay cyber ransoms.
399 | Nebraska:
400 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
401 |   color: yellow
402 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
403 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
404 |     all private companies and citizens from paying ransom or extortion demands and
405 |     recommends focusing on strengthening defensive and resilience measures to prevent
406 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
407 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
408 |     maybe held civilly liable even if such person did not know or have reason to know
409 |     that it was engaging in a transaction that was prohibited under sanctions laws
410 |     and regulations administered by OFAC.
411 | Nevada:
412 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
413 |   color: yellow
414 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
415 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
416 |     all private companies and citizens from paying ransom or extortion demands and
417 |     recommends focusing on strengthening defensive and resilience measures to prevent
418 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
419 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
420 |     maybe held civilly liable even if such person did not know or have reason to know
421 |     that it was engaging in a transaction that was prohibited under sanctions laws
422 |     and regulations administered by OFAC.
423 | New Hampshire:
424 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
425 |   color: yellow
426 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
427 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
428 |     all private companies and citizens from paying ransom or extortion demands and
429 |     recommends focusing on strengthening defensive and resilience measures to prevent
430 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
431 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
432 |     maybe held civilly liable even if such person did not know or have reason to know
433 |     that it was engaging in a transaction that was prohibited under sanctions laws
434 |     and regulations administered by OFAC.
435 | New Jersey:
436 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
437 |   color: yellow
438 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
439 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
440 |     all private companies and citizens from paying ransom or extortion demands and
441 |     recommends focusing on strengthening defensive and resilience measures to prevent
442 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
443 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
444 |     maybe held civilly liable even if such person did not know or have reason to know
445 |     that it was engaging in a transaction that was prohibited under sanctions laws
446 |     and regulations administered by OFAC.
447 | New Mexico:
448 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
449 |   color: yellow
450 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
451 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
452 |     all private companies and citizens from paying ransom or extortion demands and
453 |     recommends focusing on strengthening defensive and resilience measures to prevent
454 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
455 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
456 |     maybe held civilly liable even if such person did not know or have reason to know
457 |     that it was engaging in a transaction that was prohibited under sanctions laws
458 |     and regulations administered by OFAC.
459 | New York:
460 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
461 |   citation2: https://www.nysenate.gov/legislation/bills/2021/S6806#:~:text=2021%2DS6806A%20(ACTIVE)%20%2D%20Summary,cyber%20ransom%20or%20ransomware%20attack.
462 |   color: orange
463 |   info: New York is presently considering legislation to ban ransomware payments and require reporting. Too Long Didn't Read... If you pay a ransom to an organization the US government
464 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
465 |     all private companies and citizens from paying ransom or extortion demands and
466 |     recommends focusing on strengthening defensive and resilience measures to prevent
467 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
468 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
469 |     maybe held civilly liable even if such person did not know or have reason to know
470 |     that it was engaging in a transaction that was prohibited under sanctions laws
471 |     and regulations administered by OFAC.
472 | North Carolina:
473 |   citation1: https://www.ncleg.gov/EnactedLegislation/Statutes/PDF/BySection/Chapter_143/GS_143-800.pdf
474 |   color: red
475 |   info: NCGS § 143-800 (2021 S.B. 105 (art. 84)) Prohibits state agencies or local
476 |     government entities from submitting payment or otherwise communicating with an
477 |     entity that us making a ransomware demand.
478 | North Dakota:
479 |   citation1: https://ndlegis.gov/cencode/t54c59-1.html
480 |   color: purple
481 |   info: 'Requires an entity to disclose to the department an identified or suspected
482 |     cybersecurity incident that affects the confidentiality, integrity, or availability
483 |     of information systems, data, or services. Disclosure must be made in the most
484 |     expedient time possible and without unreasonable delay. Cybersecurity incidents
485 |     required to be reported to the department include: 1. Suspected breaches; 2. Malware
486 |     affecting more than ten thousand dollars worth of devices or services incidents
487 |     that cause significant damage; 3. Denial of service attacks that affect the availability
488 |     of services; 4. Demands for ransom related to a cybersecurity incident or unauthorized
489 |     disclosure of digital records'
490 | Ohio:
491 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
492 |   color: yellow
493 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
494 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
495 |     all private companies and citizens from paying ransom or extortion demands and
496 |     recommends focusing on strengthening defensive and resilience measures to prevent
497 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
498 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
499 |     maybe held civilly liable even if such person did not know or have reason to know
500 |     that it was engaging in a transaction that was prohibited under sanctions laws
501 |     and regulations administered by OFAC.
502 | Oklahoma:
503 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
504 |   color: yellow
505 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
506 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
507 |     all private companies and citizens from paying ransom or extortion demands and
508 |     recommends focusing on strengthening defensive and resilience measures to prevent
509 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
510 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
511 |     maybe held civilly liable even if such person did not know or have reason to know
512 |     that it was engaging in a transaction that was prohibited under sanctions laws
513 |     and regulations administered by OFAC.
514 | Oregon:
515 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
516 |   color: yellow
517 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
518 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
519 |     all private companies and citizens from paying ransom or extortion demands and
520 |     recommends focusing on strengthening defensive and resilience measures to prevent
521 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
522 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
523 |     maybe held civilly liable even if such person did not know or have reason to know
524 |     that it was engaging in a transaction that was prohibited under sanctions laws
525 |     and regulations administered by OFAC.
526 | Pennsylvania:
527 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
528 |   citation2: https://www.legis.state.pa.us/cfdocs/billInfo/billInfo.cfm?sYear=2021&sInd=0&body=S&type=B&bn=0726
529 |   color: orange
530 |   info: Similar to other states, Pennsylvania's pending legislation attempts to block public monies (state and local) from paying ransoms. Too Long Didn't Read... If you pay a ransom to an organization the US government
531 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
532 |     all private companies and citizens from paying ransom or extortion demands and
533 |     recommends focusing on strengthening defensive and resilience measures to prevent
534 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
535 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
536 |     maybe held civilly liable even if such person did not know or have reason to know
537 |     that it was engaging in a transaction that was prohibited under sanctions laws
538 |     and regulations administered by OFAC.
539 | Rhode Island:
540 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
541 |   color: yellow
542 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
543 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
544 |     all private companies and citizens from paying ransom or extortion demands and
545 |     recommends focusing on strengthening defensive and resilience measures to prevent
546 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
547 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
548 |     maybe held civilly liable even if such person did not know or have reason to know
549 |     that it was engaging in a transaction that was prohibited under sanctions laws
550 |     and regulations administered by OFAC.
551 | SGP:
552 |   citation1: https://lawgazette.com.sg/practice/practice-matters/when-is-it-time-to-pay-the-piper/
553 |   color: green
554 |   info: There are no specific prohibitions against the payment of ransom in Singapore,
555 |     obligations and/or offences under various sanctions and terrorism financing laws
556 |     (such as the Terrorism (Suppression of Financing) Act, and the United Nations
557 |     Act) and anti-money laundering (AML)-related laws (such as under the Corruption,
558 |     Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act) may
559 |     be relevant to consider. Ethical issues may also arise in the decision matrix
560 |     as to whether ransomware payments should be made in any particular case.
561 | South Carolina:
562 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
563 |   color: yellow
564 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
565 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
566 |     all private companies and citizens from paying ransom or extortion demands and
567 |     recommends focusing on strengthening defensive and resilience measures to prevent
568 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
569 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
570 |     maybe held civilly liable even if such person did not know or have reason to know
571 |     that it was engaging in a transaction that was prohibited under sanctions laws
572 |     and regulations administered by OFAC.
573 | South Dakota:
574 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
575 |   color: yellow
576 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
577 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
578 |     all private companies and citizens from paying ransom or extortion demands and
579 |     recommends focusing on strengthening defensive and resilience measures to prevent
580 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
581 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
582 |     maybe held civilly liable even if such person did not know or have reason to know
583 |     that it was engaging in a transaction that was prohibited under sanctions laws
584 |     and regulations administered by OFAC.
585 | Tennessee:
586 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
587 |   color: yellow
588 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
589 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
590 |     all private companies and citizens from paying ransom or extortion demands and
591 |     recommends focusing on strengthening defensive and resilience measures to prevent
592 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
593 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
594 |     maybe held civilly liable even if such person did not know or have reason to know
595 |     that it was engaging in a transaction that was prohibited under sanctions laws
596 |     and regulations administered by OFAC.
597 | Texas:
598 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
599 |   color: yellow
600 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
601 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
602 |     all private companies and citizens from paying ransom or extortion demands and
603 |     recommends focusing on strengthening defensive and resilience measures to prevent
604 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
605 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
606 |     maybe held civilly liable even if such person did not know or have reason to know
607 |     that it was engaging in a transaction that was prohibited under sanctions laws
608 |     and regulations administered by OFAC.
609 | Utah:
610 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
611 |   color: yellow
612 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
613 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
614 |     all private companies and citizens from paying ransom or extortion demands and
615 |     recommends focusing on strengthening defensive and resilience measures to prevent
616 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
617 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
618 |     maybe held civilly liable even if such person did not know or have reason to know
619 |     that it was engaging in a transaction that was prohibited under sanctions laws
620 |     and regulations administered by OFAC.
621 | Vermont:
622 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
623 |   color: yellow
624 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
625 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
626 |     all private companies and citizens from paying ransom or extortion demands and
627 |     recommends focusing on strengthening defensive and resilience measures to prevent
628 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
629 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
630 |     maybe held civilly liable even if such person did not know or have reason to know
631 |     that it was engaging in a transaction that was prohibited under sanctions laws
632 |     and regulations administered by OFAC.
633 | Virginia:
634 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
635 |   color: yellow
636 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
637 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
638 |     all private companies and citizens from paying ransom or extortion demands and
639 |     recommends focusing on strengthening defensive and resilience measures to prevent
640 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
641 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
642 |     maybe held civilly liable even if such person did not know or have reason to know
643 |     that it was engaging in a transaction that was prohibited under sanctions laws
644 |     and regulations administered by OFAC.
645 | Washington:
646 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
647 |   color: yellow
648 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
649 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
650 |     all private companies and citizens from paying ransom or extortion demands and
651 |     recommends focusing on strengthening defensive and resilience measures to prevent
652 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
653 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
654 |     maybe held civilly liable even if such person did not know or have reason to know
655 |     that it was engaging in a transaction that was prohibited under sanctions laws
656 |     and regulations administered by OFAC.
657 | West Virginia:
658 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
659 |   color: yellow
660 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
661 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
662 |     all private companies and citizens from paying ransom or extortion demands and
663 |     recommends focusing on strengthening defensive and resilience measures to prevent
664 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
665 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
666 |     maybe held civilly liable even if such person did not know or have reason to know
667 |     that it was engaging in a transaction that was prohibited under sanctions laws
668 |     and regulations administered by OFAC.
669 | Wisconsin:
670 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
671 |   color: yellow
672 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
673 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
674 |     all private companies and citizens from paying ransom or extortion demands and
675 |     recommends focusing on strengthening defensive and resilience measures to prevent
676 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
677 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
678 |     maybe held civilly liable even if such person did not know or have reason to know
679 |     that it was engaging in a transaction that was prohibited under sanctions laws
680 |     and regulations administered by OFAC.
681 | Wyoming:
682 |   citation1: https://ofac.treasury.gov/recent-actions/20201001
683 |   color: yellow
684 |   info: Too Long Didn't Read... If you pay a ransom to an organization the US government
685 |     thinks are terrorists, you will have a bad day. The U.S. government strongly discourages
686 |     all private companies and citizens from paying ransom or extortion demands and
687 |     recommends focusing on strengthening defensive and resilience measures to prevent
688 |     and protect against ransomware attacks. OFAC may impose civil penalties for sanctions
689 |     violations based on strict liability, meaning that a person subject to U.S. jurisdiction
690 |     maybe held civilly liable even if such person did not know or have reason to know
691 |     that it was engaging in a transaction that was prohibited under sanctions laws
692 |     and regulations administered by OFAC.
693 | ZAF:
694 |   citation1: https://www.fasken.com/en/knowledge/2022/04/ransomware-to-pay-or-not-to-pay
695 |   color: green
696 |   info: Legally there is no prohibition from paying a ransom, but consideration should
697 |     be given to whether such an entity or person to whom the ransom payment is being
698 |     made is sanctioned or a terrorist group. In practice, the identity of the perpetrator
699 |     might not be ascertainable thus it is important for businesses to conduct necessary
700 |     risk assessments before making such payments and have regard to their data protection
701 |     obligations to report data breaches to the relevant parties.
702 | 


--------------------------------------------------------------------------------
/data_yml_update.py:
--------------------------------------------------------------------------------
 1 | import yaml
 2 | import json
 3 | 
 4 | # For merged-data.geojson
 5 | def find_id_by_name(country_name, geojson_file="merged-data.geojson"):
 6 |     """Find the id of a country by its name from the geojson data."""
 7 |     
 8 |     with open(geojson_file, 'r') as file:
 9 |         geojson_data = json.load(file)
10 |     
11 |     for feature in geojson_data.get("features", []):
12 |         if feature["properties"]["name"] == country_name:
13 |             return feature["id"]
14 | 
15 |     return None
16 | 
17 | def get_input():
18 |     """Get user input for the country and its attributes."""
19 |     country_name = input("Enter the country name (e.g., Afghanistan): ")
20 |     country_id = find_id_by_name(country_name)
21 |     
22 |     if not country_id:
23 |         print("You didn't spell something right. Please try again.")
24 |         return None
25 | 
26 |     color = input(f"Enter the color for {country_name}: ")
27 |     info = input(f"Enter the info for {country_name}: ")
28 |     citation = input(f"Enter the citation for {country_name}: ")
29 |     
30 |     return {country_id: {"color": color, "info": info, "citation": citation}}
31 | 
32 | def add_to_yaml(file_name, new_data):
33 |     """Add new data to the YAML file."""
34 |     if not new_data:
35 |         return
36 | 
37 |     with open(file_name, 'r') as file:
38 |         data = yaml.safe_load(file) or {}  # Load existing data or initialize an empty dict
39 |     
40 |     data.update(new_data)
41 | 
42 |     with open(file_name, 'w') as file:
43 |         yaml.dump(data, file, default_flow_style=False, allow_unicode=True)
44 | 
45 | def main():
46 |     while True:
47 |         file_name = "data.yml"
48 |         new_data = get_input()
49 | 
50 |         if new_data:
51 |             country_id = list(new_data.keys())[0]
52 |             add_to_yaml(file_name, new_data)
53 |             print(f"{file_name} has been updated with the new data for country ID {country_id}!")
54 |             break
55 |         
56 |         retry = input("Would you like to try again? (yes/no): ").strip().lower()
57 |         if retry != "yes":
58 |             break
59 | 
60 | if __name__ == "__main__":
61 |     main()
62 | 


--------------------------------------------------------------------------------
/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/ransomwarelegality/27b63f7555ec1692f6016d0c0b27ced444cfff6f/favicon.ico


--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | 
  4 | <head>
  5 |     <meta charset="UTF-8">
  6 |     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  7 |     <title>Interactive Map of Countries that Will Allow You to Pay Ransomware or Extortion Demands</title>
  8 |     <link rel="icon" href="favicon.ico" type="image/x-icon">
  9 |     <meta name="description" content="An exploration into the legality of ransomware payment">
 10 | 
 11 | <!-- Google tag (gtag.js) -->
 12 | <script async src="https://www.googletagmanager.com/gtag/js?id=G-PQN28R8KZD"></script>
 13 | <script>
 14 |   window.dataLayer = window.dataLayer || [];
 15 |   function gtag(){dataLayer.push(arguments);}
 16 |   gtag('js', new Date());
 17 | 
 18 |   gtag('config', 'G-PQN28R8KZD');
 19 | </script>
 20 | 
 21 |     <!-- Open Graph Tags -->
 22 |     <meta property="og:title" content="Interactive Map of Countries that Will Allow You to Pay Ransomware or Extortion Demands">
 23 |     <meta property="og:description" content="An exploration into the legality of ransomware payment">
 24 |     <meta property="og:image" content="https://isitlegaltopay.com/isitlegal.png">
 25 |     <meta property="og:url" content="https://isitlegaltopay.com">
 26 |     <meta property="og:type" content="website">
 27 |     <meta property="og:site_name" content="Is It Legal To Pay?">
 28 | 
 29 |     <!-- Leaflet CSS -->
 30 |     <link rel="stylesheet" href="https://unpkg.com/leaflet@1.7.1/dist/leaflet.css" />
 31 | 
 32 |     <!-- Internal styles for the map container, legend, and info box -->
 33 |     <style>
 34 |         body, html {
 35 |             height: 100%;
 36 |             margin: 0;
 37 |             font-family: Arial, sans-serif;
 38 |         }
 39 | 
 40 |         #mapContainer {
 41 |             position: relative;
 42 |             height: 100%;
 43 |             width: 100%;
 44 |         }
 45 | 
 46 |         #map {
 47 |             height: 100%;
 48 |             width: 100%;
 49 |         }
 50 | 
 51 |         .legend, .info-box {
 52 |             position: absolute;
 53 |             background-color: rgba(255, 255, 255, 0.8);
 54 |             padding: 10px;
 55 |             border-radius: 5px;
 56 |             z-index: 10000;
 57 |             box-shadow: 0 0 15px rgba(0, 0, 0, 0.2);
 58 |         }
 59 | 
 60 |         .legend {
 61 |             bottom: 10px;
 62 |             right: 10px;
 63 |         }
 64 | 
 65 |         .info-box {
 66 |             top: 10px;
 67 |             left: 10px;
 68 |             max-width: 300px; 
 69 |         }
 70 | 
 71 |         .legend-header, .info-box-header {
 72 |             font-weight: bold;
 73 |             margin-bottom: 10px;
 74 |         }
 75 | 
 76 |         .legend-row {
 77 |             display: flex;
 78 |             align-items: center;
 79 |             margin-bottom: 5px;
 80 |         }
 81 | 
 82 |         .legend-color {
 83 |             width: 20px;
 84 |             height: 20px;
 85 |             border: 1px solid #ccc;
 86 |             margin-right: 5px;
 87 |         }
 88 | 
 89 |         a.info-box-link {
 90 |             color: #0077cc;
 91 |             text-decoration: none;
 92 |         }
 93 | 
 94 |         a.info-box-link:hover {
 95 |             text-decoration: underline;
 96 |         }
 97 |     </style>
 98 | 
 99 |     <!-- Include the js-yaml library -->
100 |     <script src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/4.1.0/js-yaml.min.js"></script>
101 | </head>
102 | 
103 | <body>
104 | 
105 |     <div id="mapContainer">
106 |         <div id="map"></div>
107 | 
108 |         <!-- Legend -->
109 |         <div class="legend">
110 |             <div class="legend-header">Can I pay the ransom?</div>
111 |             <div class="legend-row">
112 |                 <div class="legend-color" style="background-color: red;"></div>
113 |                 <div>Illegal to pay*</div>
114 |             </div>
115 |             <div class="legend-row">
116 |                 <div class="legend-color" style="background-color: green;"></div>
117 |                 <div>Legal to pay</div>
118 |             </div>
119 |             <div class="legend-row">
120 |                 <div class="legend-color" style="background-color: purple;"></div>
121 |                 <div>Yes, but you have to report</div>
122 |             </div>
123 |             <div class="legend-row">
124 |                 <div class="legend-color" style="background-color: yellow;"></div>
125 |                 <div>It's complicated</div>
126 |             </div>
127 |             <div class="legend-row">
128 |                 <div class="legend-color" style="background-color: orange;"></div>
129 |                 <div>Legislation is in progress to prevent payment</div>
130 |             </div>        
131 |             <div class="legend-row">
132 |                 <div class="legend-color" style="background-color: white;"></div>
133 |                 <div>Unknown at this time</div>
134 |             </div>
135 |         </div>
136 | 
137 |         <!-- Info Box -->
138 |         <div class="info-box">
139 |             <div class="info-box-header">Is it legal to pay a ransom in an extortion event?</div>
140 |             This is a difficult question. Some countries say that it's a bad idea because "you might fund terrorism" others are explicit in saying "no". The data is still coming up, but feel free to <a href="https://github.com/rkovar/ransomwarelegality" target="_blank" class="info-box-link">contribute on github</a> if you know more information or find anything incorrect. It should be noted, I am not a lawyer so check with your local government or local legal representation before believing someone on the internet. But if you have questions, <a href="aboutme.html" target="_blank" class="info-box-link">find me here</a> 
141 |         </div>
142 |     </div>
143 | 
144 |     <!-- Leaflet JS -->
145 |     <script src="https://unpkg.com/leaflet@1.7.1/dist/leaflet.js"></script>
146 | 
147 |     <!-- Our custom script -->
148 |     <script src="script.js"></script>
149 | </body>
150 | 
151 | </html>
152 | 


--------------------------------------------------------------------------------
/isitlegal.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/ransomwarelegality/27b63f7555ec1692f6016d0c0b27ced444cfff6f/isitlegal.png


--------------------------------------------------------------------------------
/script.js:
--------------------------------------------------------------------------------
 1 | console.log("Script started");
 2 | 
 3 | // Initialize the map
 4 | let mymap = L.map('map').setView([20, 0], 2);
 5 | 
 6 | // Add tiles to the map
 7 | L.tileLayer('https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png').addTo(mymap);
 8 | 
 9 | // Load data from the YAML file
10 | fetch('data.yml')
11 |     .then(response => {
12 |         if (!response.ok) {
13 |             throw new Error(`HTTP error fetching 'data.yml'! Status: ${response.status}`);
14 |         }
15 |         return response.text();
16 |     })
17 |     .then(yamlText => {
18 |         const geoData = jsyaml.load(yamlText);
19 |         console.log("Loaded Geo Data:", geoData);
20 | 
21 |         // Function to style features based on data
22 |         function styleFeature(feature) {
23 |             const identifier = feature.id;
24 |             return {
25 |                 fillColor: geoData[identifier]?.color || 'white',
26 |                 fillOpacity: 0.6,
27 |                 weight: 2
28 |             };
29 |         }
30 | 
31 |         // Function to handle click events on features (countries or states)
32 |         function onFeatureClick(e) {
33 |             const identifier = e.target.feature.id;
34 |             const name = e.target.feature.properties.name;
35 |             const info = geoData[identifier]?.info || 'No information available';
36 | 
37 |             console.log("Geo Data for Identifier:", geoData[identifier]);
38 | 
39 |             const citations = [];
40 |             if (geoData[identifier]?.citation1) {
41 |                 citations.push(`<a href="${geoData[identifier].citation1}" target="_blank">Citation 1</a>`);
42 |             }
43 |             if (geoData[identifier]?.citation2) {
44 |                 citations.push(`<a href="${geoData[identifier].citation2}" target="_blank">Citation 2</a>`);
45 |             }
46 | 
47 |             console.log("Generated Citations:", citations);
48 | 
49 |             const citationHTML = citations.length ? `<br>` + citations.join('<br>') : '';
50 | 
51 |             e.target.bindPopup(`<strong>${name}: Ransomware Payment Details</strong><br>${info}${citationHTML}`).openPopup();
52 |         }
53 | 
54 |         // Fetch the merged GeoJSON data, add it to the map, and set up click interactions
55 |         fetch('merged-data.geojson')
56 |             .then(response => {
57 |                 if (!response.ok) {
58 |                     throw new Error(`HTTP error fetching 'merged-data.geojson'! Status: ${response.status}`);
59 |                 }
60 |                 return response.json();
61 |             })
62 |             .then(data => {
63 |                 L.geoJson(data, {
64 |                     style: styleFeature,
65 |                     onEachFeature: function (feature, layer) {
66 |                         layer.on({
67 |                             click: onFeatureClick
68 |                         });
69 |                     }
70 |                 }).addTo(mymap);
71 |             })
72 |             .catch(e => {
73 |                 console.error("Error fetching merged-data.geojson:", e.message);
74 |             });
75 |     })
76 |     .catch(e => {
77 |         console.error("Error fetching data.yml:", e.message);
78 |     });
79 | 


--------------------------------------------------------------------------------
/styles.css:
--------------------------------------------------------------------------------
 1 | body, html {
 2 |     height: 100%;
 3 |     margin: 0;
 4 |     font-family: Arial, sans-serif;
 5 | }
 6 | 
 7 | #mapContainer {
 8 |     position: relative; 
 9 |     height: 100%; 
10 |     width: 100%;
11 | }
12 | 
13 | #map {
14 |     height: 100%;
15 |     width: 100%;
16 | }
17 | 
18 | .legend {
19 |     bottom: 10px;
20 |     right: 10px;
21 |     transform-origin: bottom right; /* Ensuring the scale transformation is based on the bottom right corner */
22 |     transform: scale(0.5); /* Reducing the size to 50% */
23 |     position: absolute;
24 |     background-color: rgba(255, 255, 255, 0.8);
25 |     padding: 10px;
26 |     border-radius: 5px;
27 |     z-index: 10000;
28 |     box-shadow: 0 0 15px rgba(0, 0, 0, 0.2);
29 | }
30 | 
31 | 
32 | 
33 | .legend-header {
34 |     font-weight: bold;
35 |     margin-bottom: 10px;
36 | }
37 | 
38 | .legend-row {
39 |     display: flex;
40 |     align-items: center;
41 |     margin-bottom: 5px;
42 | }
43 | 
44 | .legend-color {
45 |     width: 20px;
46 |     height: 20px;
47 |     border: 1px solid #ccc;
48 |     margin-right: 5px;
49 | }
50 | 


--------------------------------------------------------------------------------