The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and...more
The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following...more
On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a...more
3/17/2025
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Data Security ,
FBI ,
Ransomware ,
Risk Management ,
Threat Management
On February 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued...more
2/24/2025
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Malware ,
Multi-Factor Authentication ,
Ransomware ,
Risk Management ,
Security Information and Event Management (SIEM) system
On February 4, 2025, Coveware, Inc. released its quarterly ransomware report for the fourth quarter of 2024, and identified that the percentage of victims paying ransoms fell to a historic low of 25%. While the average...more
In the final week of the Biden Administration’s term in office, former President Biden issued two high profile executive orders that could have significant ramifications for the cybersecurity and technology industries. The...more
On October 1, 2024, the Department of Justice (“DOJ”) unsealed an indictment against Aleksandr Viktorovich Ryzhenkov (Александр Викторович Рыженков), a member of the ransomware group Evil Corp. The indictment charges...more
Ransomware attacks are hitting record highs in 2024 and show no sign of slowing down as new criminal groups enter the scene and employ a variety of evolving tactics. This post identifies key highlights of ransomware activity...more
A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3) warns of increased collaboration...more
On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material”...more
7/11/2024
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Does the R.R. Donnelley settlement mean heightened Securities and Exchange Commission (SEC) involvement in regulating public companies’ cybersecurity policies and practices? Our Securities Litigation, Privacy, Cyber & Data...more
7/2/2024
/ Cease and Desist Orders ,
Cybersecurity ,
Data Security ,
Disclosure ,
Enforcement Actions ,
Ransomware ,
Regulatory Oversight ,
Securities and Exchange Commission (SEC) ,
Securities Litigation ,
Securities Regulation ,
Sensitive Personal Information ,
Settlement
On May 7, 2024, the United States unsealed an indictment against Dmitry Yuryevich Khoroshev, one of the leaders of the Russian-based ransomware group LockBit, for his alleged involvement in developing and distributing the...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
2/26/2024
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Data Theft ,
NYDFS ,
Popular ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On January 24, 2024, the U.K.’s National Cyber Security Centre (NCSC) released a new report, The near-term impact of AI on the cyber threat, detailing how Artificial Intelligence (AI) will impact the effectiveness of cyber...more
On December 19, 2023, the Justice Department (“DOJ”) announced a disruption campaign against the Blackcat ransomware group. In the same press release, they also stated that the Federal Bureau of Investigation (“FBI”) had...more
The Federal Bureau of Investigation (FBI) issued a Private Industry Notification on September 27, 2023, highlighting two concerning ransomware trends and providing companies with guidance on mitigating potential threat actor...more
Publications and Advisories - July 31, 2023 – Dave Brown, Kate Hanniford, Kim Peretti, Julia Mediamolle, Cara Peterman, Sierra Shear, Kristen Bartolotta, and Kezia Osunsade published “Securities Law, Securities Litigation,...more
8/10/2023
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Civil Investigation Demand ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Hackers ,
International Data Transfers ,
Online Safety for Children ,
Popular ,
Ransomware ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Standard Contractual Clauses ,
Telehealth
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously...more
Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams offer key takeaways that companies should consider in the wake of the Justice Department’s first prosecution of a corporate...more
Selected Developments in U.S. Law - U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum On April 21, 2022, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan, and the United States...more
5/11/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Assets ,
Fraud ,
Personal Information ,
Popular ,
Privacy Laws ,
Ransomware
On March 1, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022, which will require critical infrastructure companies to report significant cyber-incidents and all ransom payments to the...more
3/18/2022
/ Biden Administration ,
Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
New Legislation ,
Notice and Comment ,
Proposed Rules ,
Ransomware
On February 9, 2022 the United States, United Kingdom, and Australia issued a joint Cybersecurity Advisory on the “Increased Globalized Threat of Ransomware” against critical infrastructure sectors (“Advisory”). The Advisory...more
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
2/9/2022
/ China ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Subject Access Requests ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Malware ,
Multi-Factor Authentication ,
NYDFS ,
Personal Data ,
Popular ,
Ransomware ,
Reporting Requirements ,
Russia ,
Ukraine
Russia’s Federal Security Service (“FSB”) issued a press release on January 14, 2022 claiming that it dismantled the REvil ransomware gang by arresting 14 suspected members and seizing computer equipment, luxury vehicles,...more
On October 15, 2021 the Financial Crimes Enforcement Network (FinCen) of the Treasury Department issued a financial trend analysis on ransomware relating to Bank Secrecy Act (BSA) reporting filed in the first half of this...more