The United States Department of Treasury’s Office of Foreign Assets Control (OFAC) is broadly tasked with administering and enforcing economic trade sanctions based on United States foreign policy and national security goals. On October 1, 2020, OFAC issued an “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments” to companies providing services to victims of ransomware attacks.
Read more »Tag: ransomware
-
Office of Foreign Assets Control Guidance on Ransomware Payments Posted on: January 21, 2021 In: Data Privacy & Cybersecurity
-
FBI Healthcare Alert - Imminent Threat Of Widespread Ryuk Attack Posted on: October 29, 2020 In: COVID-19 Response
The FBI and DHS-CISA issued a warning on October 28, 2020 about an imminent threat to hospitals and healthcare providers. They represent that they have credible information to suggest there will be a widespread Ryuk ransomware attack this weekend (October 30 - November 1), and the FBI, DHS and the NSA's Cybersecurity Threat Operations Center are currently investigating the matter. It is recommended that hospitals and healthcare providers implement the following measures as soon as possible.
Read more »
-
Ransomware and the Paramount Importance of Evidence Preservation for Healthcare Entities Posted on: March 10, 2020 In: Data Privacy & Cybersecurity
Organizations regulated by the Healthcare Information Privacy and Accountability Act (HIPAA) must take special care to preserve valuable forensic artifacts at the outset of a ransomware or other cybersecurity event. The HIPAA Breach Notification Rule presumes a cybersecurity incident has resulted in unauthorized access to unsecured protected health information and the burden shifts to the organization to show a low probability of the compromise of the health information it maintains.
Read more »
-
Cybersecurity Resolutions for 2020 Posted on: January 03, 2020 In: Data Privacy & Cybersecurity
A new year is once again upon us, which means people across the world will resolve to exercise more, eat healthier, eliminate financial debt and, most importantly, enhance their cybersecurity practices over the coming year. Good luck to all in this time-honored annual quest!
Read more »
-
Threat Intelligence: Maze Ransomware Variant Posted on: December 09, 2019 In: Data Privacy & Cybersecurity
While ransomware variants like GandCrab, Ryuk, and WannaCry have received a lot of attention and cost their victims significant amounts of money, these attacks are rarely accompanied by a credible threat to expose sensitive data. These threat actors are able to monetize their attacks with the extortion payments alone. However, a variant known as Maze (or ChaCha) could change that equation.
Read more »
-
Ransomware Attack Trends: Tips for Prevention & Response Posted on: September 09, 2019 In: Data Privacy & Cybersecurity
Ransomware continues to cause severe disruptions and the loss of critical data within business information systems. It is also leveraging the use of certain providers and tools to increase its devastation and profit.
Read more »
-
Shutting Down the Factory: Why the Manufacturing Sector Must Pay More Attention to Cyber Attackers Posted on: July 23, 2019 In: Data Privacy & Cybersecurity
On any given day, the manufacturing business is fraught with challenges, from supply chain issues to personnel matters, pricing strategies, competition, and customer acquisition. The last thing a company needs or wants is to be a target in the crosshairs of overseas criminals who treat the company’s operating capital as a piggy bank to be cracked open.
Read more »
-
Ransomware Reminders: Implementing Best Practices & Avoiding the Biggest Mistakes Posted on: June 27, 2019 In: Data Privacy & Cybersecurity
Ransomware continues to ravage systems across the globe in part because, unlike more typical malware, its lifespan on a computer is incredibly short. Recent strains like Ryuk and BitPaymer encrypt files and deliver their ransomware messages within seconds of appearance on a victim’s computer, leaving little time for detection and defense. The FBI recently alerted data security professionals worldwide to be aware of yet another new variant – this one called RobbinHood – that follows similar attack vectors.
Read more »
-
Emerging Trend: Managed Service Providers Targeted with Ransomware Posted on: March 25, 2019 In: Data Privacy & Cybersecurity
An emerging cyber-attack trend is shifting the paradigm for both cyber-preparedness and incident response: ransomware attacks targeting managed service providers. This is, in part, because the size of these attacks can be an order of magnitude larger in terms of the number of entities that are simultaneously affected, and because of the corresponding large-scale efforts that must be undertaken to swiftly and effectively remediate these attacks.
Read more »
-
Choosing the Wrong Partners in a Ransomware Attack - Making a Bad Situation Worse Posted on: March 22, 2019 In: Data Privacy & Cybersecurity
Companies who make a Bitcoin payment in the face of a ransomware attack may run afoul of U.S. anti-money laundering laws. In particular, any company that makes such a payment risks being categorized as a “money service business” under the Bank Secrecy Act and corresponding U.S. Treasury regulations, opening them up to a whole host of compliance statutes and regulations.
Read more »
-
Ransomware: Recommendations for Preparation and Response Posted on: January 03, 2019 In: Data Privacy & Cybersecurity
The response to an encryption attack can be very difficult. Encrypted critical data usually places a business in a crisis with no ability – or an extremely limited ability – to conduct basic operations. Too few organizations have developed incident response plans providing for contingent or out-of-band communications. Often, before consulting any incident response experts, the victim business has communicated with the attacker and revealed information that the attacker is able to leverage in negotiations.
Read more »
-
Protecting Against Ransomware Attacks: Security and Best Practices Tips Posted on: April 11, 2018 In: Data Privacy & Cybersecurity
Encryption attacks, more commonly known as ransomware, are one of the major cyber threats facing businesses today. No company is immune from threat of attack—any business that is connected to the internet is at risk. Industry experts estimate that a business falls victim to a ransomware event every 40 seconds.
Read more »