It's not very clear what room for maneuvering is left for incident response companies to assist their clients with ransomware attacks and whether providing information about the attackers, engaging with them to test whether they're able to actually decrypt files or to negotiate a lower ransom would qualify as "facilitating" a transaction under the OFAC regulations. "Frankly, that puts us in an interesting situation with a client, where we say: 'Hey, we are not able to facilitate payments. Can we still negotiate on your behalf? Absolutely. And we can validate all the keys and do all of those things to get you to the point where you can do a transaction but we cannot do a transaction'," Kurtis Minder, CEO of threat intelligence firm GroupSense, tells CSO.