Tag Archive for: Drinker

Ransomware Payments Become an Even Riskier Choice Amidst the Ever-Growing Sanctions List | Faegre Drinker Biddle & Reath LLP

/in


In February 2022, Executive Order 14024 highlighted that Russia’s invasion of Ukraine threatened not only Ukraine but also the national security and foreign policy of the United States. Pursuant to this executive order, and in the face of national security concerns, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has instituted extensive sanctions, including both economic and trade sanctions. Also, in response to the national security concerns, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up notice, urging companies to bolster their cybersecurity to protect themselves against the threat of a cyberattack.

As the conflict between Russia and Ukraine continues, the threat of a cyberattack, specifically ransomware and NotPetya-style attacks, remains top of mind. However, as entities continue to bolster their cybersecurity and protect themselves against these attacks, they should be cognizant of the implications that OFAC sanctions may have in connection with such an attack.

All U.S. persons must comply with the sanctions against Russia. U.S. persons are defined as U.S. citizens and permanent residents regardless of location, as well as all persons and entities who are in the U.S. and all entities incorporated in the U.S. and any of their foreign branches.

This analysis becomes complicated during ransomware attacks. When an entity is the victim of a ransomware attack, they typically have to make a decision about whether to pay the attacker a ransom in order to retrieve their data or to get a key to unencrypt their data. Ransom payments — including payments with cryptocurrency or payments facilitated through third parties — to sanctioned persons or entities are in violation of the OFAC regulations. In light of the Russia-Ukraine conflict, the number of sanctioned individuals and entities has increased dramatically, making it more difficult to ensure that an entity requesting a ransom payment is not subject to sanctions.

Making a ransomware payment where it is known that the ransomware attacker originated from a person or group on the OFAC sanctions list is in violation of the OFAC regulations and subjects the payor…

Source…

NIST Releases New “Cybersecurity Framework Profile for Ransomware Risk Management” to Battle Growing Threat of Ransomware Attacks | Faegre Drinker Biddle & Reath LLP

/in


Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or infrastructure, the attacker demands a ransom. This creates a dilemma for organizations — the decision to pay the ransom, relying on the attacker to release the data as they say, or to reject the ransom demand and try to restore the data or operations on their own.

On the heels of new federal actions related to cyber security, the National Institute of Standards and Technology (NIST) recently issued a Cybersecurity Framework Profile for Ransomware Risk Management (Ransomware Profile), currently designated as “NISTIR 8374.” This new Ransomware Profile “maps security objectives” from the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Cybersecurity Framework). The Ransomware Profile “can be used as a guide to managing the risk of ransomware events” and can help “gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.”

This is the second cybersecurity framework profile recently released by NIST to help reverse ransomware attacks. In late 2020, NIST released its “Zero Trust Architecture” framework as an additional alternative to ransomware defense. To learn more about NIST’s Zero Trust Architecture model,  read here.

This new NIST Ransomware Cybersecurity Framework Profile is composed of three unique parts:

  • The Framework Core
  • The Framework Implementation Tiers
  • The Framework Profile

Additionally, the Framework Core includes five parts, intended to be concurrent and continuous functions that adopting entities should employ:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

These functions “provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk” and, to simplify what NIST is propounding, the Ransomware Profile expands on the Cybersecurity Framework by using the five parts of the Framework Core to offer practical steps that organizations can take to safeguard their networks from potential…

Source…