Tag Archive for: LLP

“Whole of Government” Anti-Ransomware Campaign on Full Display | Davis Wright Tremaine LLP

/in


November 8, 2021, may have been the most significant single day in the United States’ “whole of government” anti-ransomware campaign. The Department of Justice, Department of the Treasury, and Department of State all announced major actions—most of which were targeted against the REvil criminal hacking group.

Since 2019, REvil (also known as Sodinokibi) has been one of the most notorious and prolific perpetrators of ransomware attacks, including the attack against international meat processor JBS in May 2021 and the attack targeting Kaseya and up to 1,500 users of the company’s VSA software in July 2021.

We summarize the Monday’s major activities here.

Department of Justice: Indictments Against REvil Leaders and Seizure of $6.1M

The Department of Justice announced indictments in the Northern District of Texas against two individuals associated with REvil: Yaroslav Vasinskyi of Ukraine and Yevgeniy Polyanin of Russia. The two are charged with several counts of conspiracy to commit fraud, violate the Computer Fraud and Abuse Act, and launder money.

Vasinskyi was arrested in Poland on October 8, 2021, and is being held there as the United States seeks his extradition. The federal government alleges that Vasinskyi was responsible for REvil’s attack against Kaseya, headquartered in Austin, Texas, among other attacks dating back to 2019.

Polyanin, who has not been detained, is alleged to have perpetrated attacks against numerous companies in Texas throughout 2019. In addition to the indictments against Polyanin, the Department of Justice announced the seizure of $6.1 million in funds traceable to alleged ransom payments from his account with FTX, a cryptocurrency exchanged based in the Bahamas.

The cases against Vasinskyi and Polyanin are part of the Department of Justice’s Ransomware and Digital Extortion Task Force created last spring. The Department of Justice credited an international effort with the arrest of Vasinskyi and the indictments and the seizure of Polyanin’s funds.

Also on November 8, 2021, the European Union Agency for Law Enforcement Cooperation (commonly known as “Europol”) announced that Romanian authorities arrested two other individuals for suspected…

Source…

NIST Releases New “Cybersecurity Framework Profile for Ransomware Risk Management” to Battle Growing Threat of Ransomware Attacks | Faegre Drinker Biddle & Reath LLP

/in


Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or infrastructure, the attacker demands a ransom. This creates a dilemma for organizations — the decision to pay the ransom, relying on the attacker to release the data as they say, or to reject the ransom demand and try to restore the data or operations on their own.

On the heels of new federal actions related to cyber security, the National Institute of Standards and Technology (NIST) recently issued a Cybersecurity Framework Profile for Ransomware Risk Management (Ransomware Profile), currently designated as “NISTIR 8374.” This new Ransomware Profile “maps security objectives” from the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Cybersecurity Framework). The Ransomware Profile “can be used as a guide to managing the risk of ransomware events” and can help “gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.”

This is the second cybersecurity framework profile recently released by NIST to help reverse ransomware attacks. In late 2020, NIST released its “Zero Trust Architecture” framework as an additional alternative to ransomware defense. To learn more about NIST’s Zero Trust Architecture model,  read here.

This new NIST Ransomware Cybersecurity Framework Profile is composed of three unique parts:

  • The Framework Core
  • The Framework Implementation Tiers
  • The Framework Profile

Additionally, the Framework Core includes five parts, intended to be concurrent and continuous functions that adopting entities should employ:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

These functions “provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk” and, to simplify what NIST is propounding, the Ransomware Profile expands on the Cybersecurity Framework by using the five parts of the Framework Core to offer practical steps that organizations can take to safeguard their networks from potential…

Source…

OFAC Targets Virtual Currency Exchange for Allegedly Facilitating Ransomware Attack | Ballard Spahr LLP

/in


First Post in a Two-Part Series on Recent OFAC Designations

On September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange, SUEX OTC, S.R.O. (SUEX) “for its part in facilitating financial transactions for ransomware variants.”  Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation.  The Updated Advisory illustrates a “Catch 22” scenario, in which a victim that halts a ransomware attack by making the demanded payment then may find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus.  The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.

OFAC has been busy.  Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation:  OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force.  This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.

The Blacklisting of SUEX

According to OFAC, over 40% of SUEX’s known transaction history is associated with illicit actors.  As a result, SUEX is prohibited from transacting with U.S. persons or transacting within the United States, and financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.  OFAC issued the designation pursuant to Executive Order (E.O.) 13694, entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious…

Source…

The UK’s National AI Strategy: setting a 10-year agenda to make the UK a “global AI superpower” | Allen & Overy LLP

/in


Why do we need a National AI Strategy

The AI Council recognised that its Roadmap of sixteen recommendations (regarding R&D, skills and diversity, data, infrastructure, public trust, investment and adoption) would need to be rolled out over time and therefore, it encouraged the UK Government to produce a National AI Strategy.

In its published form, the National AI Strategy (the Strategy) sets out a 10-year plan to make the UK “a global AI superpower” building on research and development success in the field as well as previous AI Sector Deal investment and establishment of AI bodies and structures (not least the AI Council and Centre for Data Ethics and Innovation (CDEI)).

The Strategy notes specific goals for the UK to experience significant growth in AI discoveries made, commercialised and exploited in the UK, associated economic and productivity growth and to establish a trusted and pro-innovation AI governance system. But more generally, the Strategy mirrors other recent publications, highlighting the UK Government’s desire to provide a pro-innovation environment, with a business-friendly regulatory framework, whilst protecting the public and fundamental values.

The Strategy differentiates AI (defined as “machines that perform tasks normally requiring human intelligence, especially when the machines learn from data how to do those tasks”) from other technology or digital policy, calling out features that the UK Government considers require a unique policy response. These include, for example, questions regarding liability, fairness, transparency bias, risk and safety arising from AI system autonomy and algorithm complexity; issues regarding greater infrastructure requirements necessary to perform; multiple skills sets necessary and lengthy commercialisation journeys.

The three pillars

The National AI Strategy points to three core pillars:

• Investment in long term needs of the AI ecosystem-to ensure competitiveness
• Supporting transition to an AI enabled economy-considering all sectors and regions
• Ensuring the right national and international governance of AI technologies-working with global partners to promote responsible AI development

It identifies…

Source…