Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may foreshadow additional FTC action, building upon a developing trend of US regulators engaging in pre-breach enforcement action.
FBI
The Business E-mail Compromise attack – what your company should know to prevent attacks and recover fraudulent wire transfers
The Federal Bureau of Investigation (“FBI”) issued Public Service Announcement (“PSA”) I-082715a, updating a previous PSA describing the “Business E-mail Compromise.” The FBI defines the Business E-mail Compromise as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” The attack often leads to business wire transferring substantial funds (amounts in the hundreds of thousands or millions of dollars) directly to bogus bank accounts set up by the thieves. The majority of these attacks send funds to banks in the Far East.