The Office of Foreign Assets Control (OFAC) has added another cyber actor to the SDN list. As a result, U.S. persons are prohibited from engaging in any dealings with the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), a Russian government research institution that is said to be connected to the destructive Triton malware. The Triton malware – also known as TRISIS and HatMan in open source reporting – was designed specifically to target and manipulate industrial safety systems. The prohibition against dealing with TsNIIKhM extends to the payment of ransom. This new designation follows OFAC’s October 1 issuance of an Advisory regarding potential sanctions risks of making or facilitating ransom payments in connection with malware attacks. We discussed the Advisory and related considerations in our recent post and alert. This is the fifth occasion on which OFAC has designated malicious cyber actors – the Triton malware joins Cryptolocker, SamSam, WannaCry 2.0 and Dridex on the list of malware subject to OFAC sanctions risk in the ransom payment context. The OFAC Advisory promised additional designations, so it is likely the designation of the Triton developer will not be the last.