Over the past several years, the energy sector has become a prime target for hacking and ransomware attacks, with over 40 attacks on the industry since 2017. Cyber attacks have only continued to rise, with a record high of 13 reported attacks in one year occurring in 2022.
Physical Security Threats to U.S. Energy Infrastructure
A new type of threat against the energy sector crystallized at the end of 2022: physical attacks on the grid. … More
Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.… More
Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.… More
On July 28, 2021, President Biden issued a Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The Memo recognizes that the protection of the nation’s critical infrastructure lies not only with government, i.e., at the federal, state, local, tribal, and territorial levels, but with critical infrastructure owners and operators. In addition, the Memo states that cybersecurity threats to critical infrastructure, and the systems that control and operate it,… More
In response to the spate of ransomware attacks, the United States has launched a website, www.cisa.gov/stopransomware. According to the government press release, the website’s aim is:
to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov<http://stopransomware.gov/> is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware,… More
If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be. Like many cyberattacks, this one came on the verge of a holiday weekend. As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. … More
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that might pay ransomware attackers of the potential sanctions risks for facilitating ransomware payments. In particular, the alert targeted “financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response….” While this is an advisory and does not have the force of law,… More
First, the basic facts about the recent ransomware attack:
The FBI recently released an article discussing the spate of ransomware attacks on a variety of different entities, including hospitals. In the article, the FBI warned that ransomware attacks and the cybercriminals carrying them out are growing increasingly sophisticated. The FBI opposes paying a ransom when hit by a ransomware attack, saying that doing do incentivizes more ransomware attacks, can inadvertently fund other illegal activity, and does not always result in the restoration of access. … More
In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week. The agreement is designed to protect the personal data of EU citizens when it is transferred to the US for law enforcement purposes — a sort of criminal counterpart to the sturdier-sounding Privacy Shield we discussed here last Thursday. And, like the Shield, the Umbrella has drawn its share of critics,… More