Topic: Ransomware

Subscribe to Ransomware RSS feed

The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack

On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation (GDPR). The Firm was the victim of a ransomware attack which it first became aware of on … Continue reading

Congress Agrees – 72-Hour Cyber Incident Reporting Requirement to Take Effect

US banking regulators propose a rule for 36-hour notice of breachOn March 15, 2022, President Biden signed an omnibus spending bill into law, which, in part, requires companies to report cyber incidents and ransom payments.  The relevant portions of the law, titled the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“Act”) proposes reporting requirements for incidents, establishes new programs to curtail ransomware attacks … Continue reading

Who gets to decide to pay the ransom in a ransomware attack?

The onslaught of ransomware attacks since the pandemic began has not slowed.  Organizations have been faced with the task of continuously reviewing their cybersecurity programs to ensure they are following best practices to protect against ransomware groups.  But organizations also need to be prepared to respond to such an attack if their cybersecurity practices are … Continue reading

Cyber authorities sound the alarm on critical vulnerability In Java Library

Cyber authorities sound the alarmOn December 9, 2021 a critical vulnerability (CVE-2021-44228) was reported within the Apache Log4j Java logging framework. The vulnerability allows threat actors to remotely execute code on both on-premises and cloud-based application servers, thereby obtaining control of the impacted servers. This is a critical vulnerability of very high significance to government and industry groups. See … Continue reading

US Senate considers mandating 24-hour reporting requirement for ransom payments

Norton Rose Fulbright - Data Protection Report blogOn September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading

OFAC Announces New Measures to Address Ransomware Attacks

Norton Rose Fulbright - Data Protection Report blogThe U.S. Department of Treasury, Office of Foreign Assets Control (“OFAC”) implemented additional measures today to combat the growing ransomware problem.  OFAC’s measures consist of: (1) the designation of the entire SUEX OTC, S.R.O. (“SUEX”) crypto-currency exchange (SUEX) to the SDN List; (2) designating a fairly large number (~25) additional digital currency addresses to the … Continue reading
LexBlog