Emily Poole of Alston & Bird writes: As ransomware attacks continue to dominate the news cycle, legislation has recently been introduced in several states that would place limits on certain entities’ ability to pay a ransom payment in the event of a ransomware attack. Although the proposed limits would generally apply to state agencies and…
Category: Commentaries and Analyses
Fake DarkSide gang targets energy, food industry in extortion emails
Lawrence Abrams reports: Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors. […] In a new report, Trend Micro researchers reveal that a new extortion campaign started in June where threat actors are impersonating the DarkSide ransomware gang. “Several companies in the energy…
First American Financial Pays Farcical $500K Fine – Krebs
Brian Krebs reports: In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the…
For hacked companies, paying a ransom may not work: Many say they paid but were attacked again
Hiawatha Bray reports: To pay or not to pay? For organizations victimized by ransomware, that’s a tricky question that may not have a good answer. A report from the Boston tech security firm Cybereason argues that paying off cybercriminals may not get businesses off the hook. In a global survey of nearly 1,300 security professionals, two-thirds said…
Lightfoot, Franklin & White notifies clients of ransomware incident
Lightfoot, Franklin & White, LLC is a law firm based in Birmingham, Alabama that handles commercial litigation, product liability, professional liability, white-collar criminal, and other legal matters. In a copy of a notification obtained by DataBreaches.net, they forthrightly informed affected clients that there had been a ransomware incident: On April 17, 2021, we learned of…
Did your risk assessment include what’s in your employees’ email accounts?
Today’s reminder that employee email accounts often contain a ton of personal and sensitive information, and if you cannot figure out what emails or attachments were accessed, you will have one helluva task when it comes to notifications. From STG International‘s notification: STG International, Inc. (“STGi”) is providing notice of a recent event that may…