On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” While this advisory explicitly supersedes OFAC’s previous ransomware advisory from October 2020, it does not fundamentally alter OFAC’s approach towards ransom payments. Like the prior guidance, OFAC’s […]
U.S. and Allies Formally Accuse China of Microsoft Hack and Cyberespionage
On July 19, 2021, the Biden administration, along with a group of allies publicly accused the Chinese government of malicious cyber activities and irresponsible state behavior. The joint announcement states the U.S. uncovered a wide array of cyberattacks by hackers with a history of working for the China’s Ministry of State Security (MSS). Importantly, the […]
People’s Republic of China Passes the Data Security Law: A Summary of What We Know
On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which goes into effect September 1, 2021. Where the CSL is primarily focused on cybersecurity […]
NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations
The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware or unauthorized access to privilege accounts to the NYDFS under its established […]