Kim Peretti

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

Russia Arrests Suspected Members of REvil Ransomware Gang

January 19, 2022 By Kellen Dwyer and Kim Peretti

Russia’s Federal Security Service (“FSB”) issued a press release on January 14, 2022 claiming that it dismantled the REvil ransomware gang by arresting 14 suspected members and seizing computer equipment, luxury vehicles, bitcoin, and fiat currency valued at over $1 million. REvil is a notorious cybercriminal organization that claimed responsibility for a ransomware attack last […]

CISA Releases Warning of Destructive Malware Targeting Ukrainian Organizations

January 18, 2022 By Kim Peretti, Kellen Dwyer and Lance Taubin

On January 16, 2022, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a warning regarding destructive malware targeting Ukrainian organizations, including Ukrainian government agencies. The malware was found in multiple government, non-profit, and information technology organizations, all based in Ukraine. CISA’s warning comes on the heels of a separate targeted attack […]

Update: FTC Amendments to the Safeguards Rule and Request for Comment on Proposed Reporting Requirement Published to the Federal Register

December 15, 2021 By Kim Peretti, Kathleen Benway and Kate Hanniford

As an update to prior coverage of the FTC’s final revisions to the Gramm-Leach-Bliley Safeguards Rule (Final Rule), following its publication in the Federal Register on December 9, 2021, the Final Rule now will take effect on January 8, 2022, 30 days after publication in the Federal Register. Revisions to the Final Rule include an […]

NYDFS Issues Guidance on Multi-Factor Authentication

December 14, 2021 By Kim Peretti and Kate Hanniford

The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new guidance is consistent with its June guidance, in which NYDFS clarified its expectation that NYDFS-regulated covered entities subject to 500.12 […]

CISA Issues Statement on Log4j Critical Vulnerability

December 13, 2021 By Kim Peretti and Jon Knight

Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in this tool, public and private sector security partners are issuing warnings about this “critical vulnerability.” While the full scope […]