On January 14, 2022, the Russian Federal Security Service detained members of the REvil ransomware group at the request of the United States, according to public press reports.
Continue Reading Russian Federal Security Service Reportedly Detains Members of REvil Ransomware Group
Ransomware
U.S. Department of the Treasury Announces Partnership with Israel to Combat Ransomware
On November 14, 2021, the U.S. Department of the Treasury announced a bilateral cybersecurity partnership with the Israeli Ministry of Finance “to protect critical financial infrastructure and emerging technologies” and combat the use of ransomware. The initiative includes the launch of a U.S.-Israeli Task Force on Fintech Innovation and Cybersecurity (the “Task Force”), which seeks to advance the twin goals of encouraging fintech innovation while protecting against cyber threats from nation-state and criminal actors.
Continue Reading U.S. Department of the Treasury Announces Partnership with Israel to Combat Ransomware
FTC Recommends Steps to Protect Against Ransomware
On November 5, 2021, the Federal Trade Commission suggested two preventative steps small businesses can take to protect against ransomware risks. This post provides a summary of the steps.
Continue Reading FTC Recommends Steps to Protect Against Ransomware
Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies
On November 8, 2021, law enforcement agencies in both the United States and European Union announced that a series of actions, including a number of arrests, were taken against the Russia-linked ransomware group, “REvil.” …
Continue Reading Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies
DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
OFAC Again Says Beware of Sanctions When Making Ransomware Payments and Designates Virtual Currency Exchange as Malicious Cyber Actor
On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments on the sanctions risks associated with facilitating ransomware payments. OFAC, with assistance from the FBI, also designated SUEX OTC, S.R.O., as a malicious cyber actor, the first such sanctions designation against a virtual currency exchange.
Continue Reading OFAC Again Says Beware of Sanctions When Making Ransomware Payments and Designates Virtual Currency Exchange as Malicious Cyber Actor
U.S. Department of Homeland Security Announces Additional Pipeline Cybersecurity Directive
In July 2021, the U.S. Department of Homeland Security’s Transportation Security Administration announced a new Security Directive requiring owners and operators of certain critical pipelines transporting hazardous liquids and natural gas to implement specific cybersecurity measures.
Continue Reading U.S. Department of Homeland Security Announces Additional Pipeline Cybersecurity Directive
White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process
The New York Department of Financial Services, which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework”, calling on insurers to take more stringent measures in underwriting cyber risks. In the Guidelines, NYDFS cites the 2020 SolarWinds attack as an example of how managing growing cyber risk is “an urgent challenge for insurers.”…
Continue Reading New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process
U.S. Department of the Treasury Issues Advisory Warning that Ransomware Payments May Violate OFAC Sanctions
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control issued an advisory alerting companies of potential sanctions risks related to facilitating ransomware payments.
Continue Reading U.S. Department of the Treasury Issues Advisory Warning that Ransomware Payments May Violate OFAC Sanctions