Tag Archives: Ransomware

Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.… More

Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.… More

On July 28, 2021, President Biden issued a Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.  The Memo recognizes that the protection of the nation’s critical infrastructure lies not only with government, i.e., at the federal, state, local, tribal, and territorial levels, but with critical infrastructure owners and operators.  In addition, the Memo states that cybersecurity threats to critical infrastructure, and the systems that control and operate it,… More

In response to the spate of ransomware attacks, the United States has launched a website, www.cisa.gov/stopransomware.   According to the government press release, the website’s aim is:

to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov<http://stopransomware.gov/> is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware,… More

If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be.  Like many cyberattacks, this one came on the verge of a holiday weekend.  As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack.   Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. … More

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that might pay ransomware attackers of the potential sanctions risks for facilitating ransomware payments.  In particular, the alert targeted “financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response….”  While this is an advisory and does not have the force of law,… More

First, the basic facts about the recent ransomware attack:

• US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world.
• Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.…

More

The FBI recently released an article discussing the spate of ransomware attacks on a variety of different entities, including hospitals. In the article, the FBI warned that ransomware attacks and the cybercriminals carrying them out are growing increasingly sophisticated.  The FBI opposes paying a ransom when hit by a ransomware attack, saying that doing do incentivizes more ransomware attacks, can inadvertently fund other illegal activity, and does not always result in the restoration of access. … More

In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week.  The agreement is designed to protect the personal data of EU citizens when it is transferred to the US for law enforcement purposes — a sort of criminal counterpart to the sturdier-sounding Privacy Shield we discussed here last Thursday.  And, like the Shield, the Umbrella has drawn its share of critics,… More

Unfortunately, health care providers are the perfect mark for theft and extortion because they have huge amounts of sensitive information and maintain such information in computer databases at risk of infiltration. On May 17, Foley Hoag presented a webinar discussing the ongoing crime sprees involving theft of patients’ identities and health information; ransomware involved in these crimes; related data security issues affecting health care providers; and how they implicate law enforcement and the criminal law aspects of HIPAA.… More