Topic: Ransomware

Subscribe to Ransomware RSS feed

FTC Signals Additional Scrutiny for Data Breaches

Photo of Anna Rudawski (US)Photo of Chris Cwalina (US)By Anna Rudawski (US) and Chris Cwalina (US) on Posted in Cybersecurity, Data breach, Privacy law, Ransomware, Regulatory response
On May 20, 2022, the Federal Trade Commission (FTC) stated that failure to disclose a data breach may be a violation of Section 5 of the FTC Act.  Historically, the FTC has not been explicit about its notification expectations, but in blog post published by the FTC’s CTO and Division of Privacy and Identity Protection, … Continue reading

The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack

Photo of Steven Hadwin (UK)Photo of Tim JonesBy Steven Hadwin (UK) and Tim Jones on Posted in Cybersecurity, Data breach, Enforcement, Ransomware, Regulatory response
On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation (GDPR). The Firm was the victim of a ransomware attack which it first became aware of on … Continue reading

Congress Agrees – 72-Hour Cyber Incident Reporting Requirement to Take Effect

Photo of Chris Cwalina (US)Photo of Ashley Zatloukal (US)Photo of Anna Rudawski (US)Photo of Will Daugherty (US)Photo of Alexis Wilpon (US)By Chris Cwalina (US), Ashley Zatloukal (US), Anna Rudawski (US), Will Daugherty (US) and Alexis Wilpon (US) on Posted in Cybersecurity, Data breach, Ransomware
US banking regulators propose a rule for 36-hour notice of breachOn March 15, 2022, President Biden signed an omnibus spending bill into law, which, in part, requires companies to report cyber incidents and ransom payments.  The relevant portions of the law, titled the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“Act”) proposes reporting requirements for incidents, establishes new programs to curtail ransomware attacks … Continue reading

Who gets to decide to pay the ransom in a ransomware attack?

Photo of Chris Cwalina (US)Photo of Kevin Harnisch (US)Photo of Ilana Sinkin (US)Photo of Ashley Zatloukal (US)By Chris Cwalina (US), Kevin Harnisch (US), Ilana Sinkin (US) and Ashley Zatloukal (US) on Posted in Cybersecurity, Data breach, Ransomware
The onslaught of ransomware attacks since the pandemic began has not slowed.  Organizations have been faced with the task of continuously reviewing their cybersecurity programs to ensure they are following best practices to protect against ransomware groups.  But organizations also need to be prepared to respond to such an attack if their cybersecurity practices are … Continue reading

Cyber authorities sound the alarm on critical vulnerability In Java Library

Photo of David Kitchen (US)Photo of Chris Cwalina (US)Photo of Anna Rudawski (US)Photo of David Kessler (US)Photo of Will Daugherty (US)By David Kitchen (US), Chris Cwalina (US), Anna Rudawski (US), David Kessler (US) and Will Daugherty (US) on Posted in Cybercrime, Cybersecurity, Ransomware, Vendor management and transactions
Cyber authorities sound the alarmOn December 9, 2021 a critical vulnerability (CVE-2021-44228) was reported within the Apache Log4j Java logging framework. The vulnerability allows threat actors to remotely execute code on both on-premises and cloud-based application servers, thereby obtaining control of the impacted servers. This is a critical vulnerability of very high significance to government and industry groups. See … Continue reading

US Senate considers mandating 24-hour reporting requirement for ransom payments

Photo of David Kitchen (US)Photo of Kate Nelson (US)By David Kitchen (US) and Kate Nelson (US) on Posted in Cybercrime, Cybersecurity, General, Ransomware
Norton Rose Fulbright - Data Protection Report blogOn September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading

OFAC Announces New Measures to Address Ransomware Attacks

Photo of Chris Cwalina (US)Photo of Ashley Zatloukal (US)Photo of Stefan H. Reisinger (US)By Chris Cwalina (US), Ashley Zatloukal (US) and Stefan H. Reisinger (US) on Posted in Cybercrime, Cybersecurity, Ransomware
Norton Rose Fulbright - Data Protection Report blogThe U.S. Department of Treasury, Office of Foreign Assets Control (“OFAC”) implemented additional measures today to combat the growing ransomware problem.  OFAC’s measures consist of: (1) the designation of the entire SUEX OTC, S.R.O. (“SUEX”) crypto-currency exchange (SUEX) to the SDN List; (2) designating a fairly large number (~25) additional digital currency addresses to the … Continue reading
LexBlog