North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms

Hunton Andrews Kurth writes:

On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack.

North Carolina’s new law, which was passed as part of the state’s 2021-2022 budget appropriations, prohibits government entities from paying a ransom to an attacker who has encrypted their IT systems and subsequently offers to decrypt that data in exchange for payment. The law prohibits government entities from even communicating with the attacker, instead directing them to report the ransomware attack to the North Carolina Department of Information Technology in accordance with G.S. 143B‑1379.

CrowdStrike catches insider feeding information to ScatteredLapsus$Hunters
Threat actors have reportedly launched yet another campaign involving an application connected to Salesforce
Sue The Hackers – Google Sues Over Phishing as a Service
Five major changes to the regulation of cybersecurity in the UK under the Cyber Security and Resilience Bill
From bad to worse: Doctor Alliance hacked again by same threat actor (2)
Draft UK Cyber Security and Resilience Bill Enters UK Parliament

Related: