Disruptionware VII: The Evolution of Disruptionware and the Growth of Ransomware as a Service (RaaS)

Share

I have written multiple times about the danger of disruptionware to both Information Technology (IT) networks as well as Operational Technologies (OT) networks of victims globally. As discussed here, many different nefarious tools make up the disruptionware “tool kit.” These tools include, but are not limited to:

  • Ransomware
  • Wipers
  • Bricking capabilities tools
  • Automated components
  • Data exfiltration tools
  • Network reconnaissance tools

The most well-known and most used of all these tools is ransomware malware. Ransomware attacks have grown exponentially over the past few years. Dozens of ransomware gangs are launching ransomware attacks and terrorizing and extorting businesses throughout the world. This has included specific attacks against the U.S. energy sector as well as U.S. infrastructure projects.

Continue reading “Disruptionware VII: The Evolution of Disruptionware and the Growth of Ransomware as a Service (RaaS)”

Fall Cybersecurity Enforcement Update: State and Federal Regulators Increase Scrutiny on Victims of Cyberattacks

Share

We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the first half of 2021 compared to the same period last year. As these and other types of cyberattacks have increased, various federal and state regulators have correspondingly stepped up efforts to investigate and bring enforcement actions – which often include large fines – against companies that are perceived to have been negligent in their cybersecurity efforts. Two of the most active agencies in cybersecurity enforcement have been the New York Department of Financial Services (NYDFS) and the United States Securities & Exchange Commission (SEC), both of which have made important announcements regarding cybersecurity compliance in the past few months.

Continue reading “Fall Cybersecurity Enforcement Update: State and Federal Regulators Increase Scrutiny on Victims of Cyberattacks”

Senators Introduce Bipartisan Legislation To Require Federal Contractors and Operators of Critical Infrastructure to Disclose Cyber Intrusions

Share

A bipartisan group of 14 United States senators recently introduced proposed legislation that would require federal contractors and operators of critical infrastructure to disclose any cyber intrusion within 24 hours. A copy of the proposed legislation can be found here.

Currently, there is no federally mandated reporting requirement for cyberattacks on American infrastructure targets. The newly proposed legislation is designed to prevent these attacks from going unreported and uninvestigated.

Continue reading “Senators Introduce Bipartisan Legislation To Require Federal Contractors and Operators of Critical Infrastructure to Disclose Cyber Intrusions”

Faegre Drinker on Law and Technology Podcast: Practical Tips To Keep Phishing Attacks at Bay

Share

Phishing attacks are simple, widely used and highly effective — and they can be devastating to the people and organizations they target. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with Art Ehuan, vice president of Palo Alto Networks, and Chris Holden, chief information security officer at Crum & Forster, to discuss practices and defense strategies to keep phishing attacks at bay.

Continue reading “Faegre Drinker on Law and Technology Podcast: Practical Tips To Keep Phishing Attacks at Bay”

Faegre Drinker on Law and Technology Podcast: An Interview With Cybersecurity Regulators

Share

The regulation of cybersecurity remains a new and rapidly evolving space — and regulatory activity and priorities can be somewhat opaque to outside observers. In this special episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss shares a discussion led by Faegre Drinker’s Peter Baldwin, who sat down with Brent Wilner, senior advisor to the Securities and Exchange Commission’s (SEC) Cyber Unit, and Justin Herring, leader of the New York Department of Financial Services’ (NYDFS) Cybersecurity Division. The two guests share their insights on each agency’s priorities in cybersecurity, data protection and enforcement.

Continue reading “Faegre Drinker on Law and Technology Podcast: An Interview With Cybersecurity Regulators”

A New Sheriff in Town: Enforcement of the CCPA Picks Up Under Bonta

Share

The California Office of the Attorney General, under the leadership of new Attorney General Rob Bonta, has taken significant actions in recent weeks indicating that it is ramping up and potentially adding a new area of focus in its enforcement of the California Consumer Privacy Act. Read on for some important considerations for businesses.

Continue reading “A New Sheriff in Town: Enforcement of the CCPA Picks Up Under Bonta”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy