Zain Haq

About Zain Haq

Zain Haq regularly advises companies in responding to ransomware gangs, nation-state -sponsored threat actors, and sophisticated cyberattacks. He helps clients develop proactive strategies to mitigate risk, prepare for incidents, and manage the full lifecycle of a cybersecurity crisis – from initial detection and containment to legal and regulatory compliance.

[Read Bio]

NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict

June 27, 2025 By Kim Peretti and Zain Haq

Overview On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light of heightened geopolitical tensions. The letter, titled “Impact of Global Conflict on Cybersecurity and Sanctions Risk,” emphasizes the elevated risk environment and reaffirms […]

Texas AG Secures $1.375 Billion from Google: Key Takeaways for Companies Collecting Consumer Data

May 14, 2025 By Alex Brown and Zain Haq

On May 9, 2025, the Texas Attorney General Ken Paxton announced a $1.375 billion settlement with Google—by far the largest state-level privacy settlement reached against Google to date. The settlement resolves lawsuits filed in 2022 alleging that Google unlawfully collected, stored, and used Texans’ sensitive personal data without consent, including location information, biometric identifiers, and […]

CISA Issues Enhanced Guidance to Mitigate Cyber Threats to Operational Technology Systems

May 9, 2025 By Kim Peretti and Zain Haq

Overview On May 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, Environmental Protection Agency (EPA), and Department of Energy (DOE), issued a joint fact sheet titled “Primary Mitigations to Reduce Cyber Threats to Operational Technology.” The document highlights priority actions that owners and operators of Operational Technology (OT) systems […]

Emergence of Medusa Ransomware

March 14, 2025 By Kim Peretti and Zain Haq

On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a joint cybersecurity advisory on the growing threat of Medusa ransomware. First detected in June 2021, Medusa operates under a ransomware-as-a-service (RaaS) model, allowing affiliates […]

Ghost (Cring) Ransomware: Understanding The Threat & How Enterprises Can Defend Themselves

February 21, 2025 By Kim Peretti and Zain Haq

On February 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a joint cybersecurity advisory on the growing threat of Ghost (Cring) ransomware. Active since early 2021, this ransomware group has targeted organizations in over 70 […]