On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions mitigate the risks of ransomware. The R-SAT is a detailed questionnaire designed to evaluate the effectiveness of an institution’s general security controls as well as […]
Cyber Risk
FinCEN Alerts Financial Institutions on Role in Facilitating Ransomware Attacks
With an increase in the frequency, sophistication, and cost of ransomware attacks, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 1, 2020 alerting financial institutions to ransomware trends and typologies, and related financial red flags, that may result in a regulatory obligation to report and share information related to ransomware attacks. Based […]
OFAC Ransomware Advisory Warns Companies of Potential Civil Liability
Yesterday, October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued its “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The advisory begins with the observation that “ransomware attacks have become more focused, sophisticated, costly, and numerous,” citing certain FBI statistics, before making clear what was already well […]
SEC Creates Event and Emerging Risk Examination Team
Following OCIE’s recent and detailed risk alert regarding the threat of ransomware, the SEC today announced that it has created the Event and Emerging Risk Examination Team (EERT) as a part of the Office of Compliance Inspections and Examinations (OCIE). The EERT will engage with registrants regarding emerging threats and current market events, to provide […]
UK National Cyber Security Centre Advisory: Russian Attackers, APT29, Targets Companies Involved in COVID-19 Vaccine Development
Yesterday, the UK National Cyber Security Centre and Canada’s Communications Security Establishment released an advisory linking APT29 (also known as, ‘the Dukes’ or ‘Cozy Bear’) to attacks against COVID-19 vaccine development in Canada, the US and the UK. The Advisory stated that APT29 is “almost certainly part of the Russian intelligence services.” APT29/Cozy Bear was […]