This article suggests that by following the ransomware due diligence checklist set forth below, a ransomware victim who opts to pay the ransom can in the least mitigate the chances of a U.S. civil enforcement action or criminal prosecution, and perhaps even avoid U.S. government scrutiny altogether.
Source: (26) A Ransomware OFAC Due Diligence Checklist | LinkedIn
