In early October 2025, several media outlets reported that United States telecommunications services had been infiltrated by state affiliated threat actors linked to the People’s Republic of China (“PRC”). These reports were...more
On October 1, 2024, the Department of Justice (“DOJ”) unsealed an indictment against Aleksandr Viktorovich Ryzhenkov (Александр Викторович Рыженков), a member of the ransomware group Evil Corp. The indictment charges...more
The ubiquity of artificial intelligence (AI) has heightened companies’ exposure to cyberattacks of increasingly greater sophistication. Our Privacy, Cyber & Data Strategy Team explores how businesses can enhance their...more
10/2/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Deep Fake ,
Employee Training ,
Machine Learning ,
Phishing Scams ,
Risk Management
Ransomware attacks are hitting record highs in 2024 and show no sign of slowing down as new criminal groups enter the scene and employ a variety of evolving tactics. This post identifies key highlights of ransomware activity...more
On Thursday, August 8, 2024, the United States Department of Justice (“DOJ”) announced that it had charged a Nashville man for his alleged role in assisting the Democratic People’s Republic of Korea (“DPRK” or “North Korea”)...more
On July 18, 2024, a federal jury in Delaware found that an online travel booking company violated the Computer Fraud and Abuse Act (CFAA) by accessing portions of a European airline’s website without permission and “with...more
On May 7, 2024, the United States unsealed an indictment against Dmitry Yuryevich Khoroshev, one of the leaders of the Russian-based ransomware group LockBit, for his alleged involvement in developing and distributing the...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
2/26/2024
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Data Theft ,
NYDFS ,
Popular ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On December 19, 2023, the Justice Department (“DOJ”) announced a disruption campaign against the Blackcat ransomware group. In the same press release, they also stated that the Federal Bureau of Investigation (“FBI”) had...more
Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own...more
The Federal Bureau of Investigation (FBI) issued a Private Industry Notification on September 27, 2023, highlighting two concerning ransomware trends and providing companies with guidance on mitigating potential threat actor...more
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously...more
The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the...more
According to recent media reports there have been several instances of blockchain bridges being hacked this year, including reports on August 2 that a bridge lost close to $200 million to upwards of 40 hackers who exploited a...more
Today, the Department of Justice (“DOJ”) updated its policy regarding charging violations under the Computer Fraud and Abuse Act (“CFAA”). This is the first update to the DOJ’s policy since 2014, and it is effective...more
On February 9, 2022 the United States, United Kingdom, and Australia issued a joint Cybersecurity Advisory on the “Increased Globalized Threat of Ransomware” against critical infrastructure sectors (“Advisory”). The Advisory...more
At the heels of a recent Civil Cyber-Fraud Initiative related to cybersecurity practices and the False Claims Act (FCA), a cybersecurity-related FCA case has survived a motion for summary judgment, teeing up a trial to...more
2/7/2022
/ Compliance ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Disclosure Requirements ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
NASA ,
Popular
Russia’s Federal Security Service (“FSB”) issued a press release on January 14, 2022 claiming that it dismantled the REvil ransomware gang by arresting 14 suspected members and seizing computer equipment, luxury vehicles,...more
Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in...more
Companies face increasingly tough decision points in preparing for and responding to the proliferation of ransomware attacks. Our Privacy, Cyber & Data Strategy Group outlines seven issues for general counsel to consider as...more
Selected Developments in U.S. Law - NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses Following the SolarWinds cyber espionage attack and the resulting focus on supply chain risk, the New York...more
5/14/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
FBI ,
NYDFS ,
Phishing Scams ,
Popular ,
Ransomware ,
Safe Harbors ,
Settlement ,
SolarWinds ,
Supply Chain
On April 13, 2021, a federal district court granted a motion to partially unseal an FBI application and search warrant following the successful conclusion of an FBI operation to eradicate malicious web shells placed on...more
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and...more
Take a journey around the world as our Cybersecurity & Preparedness Response Team reviews how the United States responded to state-sponsored cyberattacks and offers 10 lessons the private sector can use to strengthen their...more