New Treasury Department Ransomware Advisories Warn that Ransom Payment May be Sanctionable

by Margaret Young Levi and Kathie McDonald-McClure

Cyber attacks using ransomware have been on the rise during the COVID-19 pandemic.  Ransomware, whether it encrypts computer files or locks an entire hard drive, can block access to an organization’s essential operating data, unless the organization can obtain a decryption key. In many if not most cases, a decryption key is only available by paying a ransom to the cybercriminal.

On October 1, 2020, the U.S. Department of the Treasury Office of Terrorism and Financial Intelligence announced the issuance of two advisories aimed at fighting ransomware scams and attacks.  In making the announcement, Deputy Secretary Justin G. Muzinich said:

Cybercriminals have deployed ransomware attacks against our schools, hospitals, and businesses of all sizes. Treasury will continue to use its powerful tools to counter these malicious cyber actors and their facilitators.

The advisories also warned that those who facilitate ransomware payments may be sanctioned for violating Treasury law and regulations. However, Treasury’s efforts to crack down on ransomware in this way places its victims in the crossfire.  Ransomware victims may feel they have no choice but to pay the ransom if this is the only way to regain access to essential data, which is often the case when the most recent data back-up is also attacked and a decryption key is not available by other means.  Moreover, paying the ransom may be a matter of public safety.  For example, ransomware that locks healthcare providers out of patient electronic medical records, attacks computers that support life-saving medical devices, or that shuts down computers connected to automobiles and other consumer devices, could pose a risk of injury or even death.

Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory, entitled “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments” (Treasury Advisory). The Treasury Advisory is intended to educate financial institutions and others involved in cyber incident response measures about ransomware trends and indicators of ransomware as well as related money laundering activities.  More specifically, the Treasury Advisory addresses the following areas of concern:

CONTINUE READING

The EPCS Mandate: Kentucky Requires Electronic Prescribing Of Controlled Substances

by Lindsay K. Scott

In an ongoing effort to battle the opioid crisis, Kentucky House Bill 342 was signed into law on March 26, 2019.  This bill created a new statute, KRS 218A.182, to require that all prescriptions for controlled substances be submitted electronically, unless certain exceptions apply (the “EPCS Mandate”).  Effective January 1, 2021, practitioners who prescribe controlled substances to be dispensed by a Kentucky pharmacy must issue the prescription electronically (“e-prescribe”) directly to the pharmacy unless an exception applies. Continue reading

Scammers Target Remote Workers with Email Phishing Campaigns

By Lindsay Scott and Kathie McDonald-McClure

According to a recent USA Today article, the Federal Trade Commission (FTC) reported that it had received 83,858 fraud reports this year through August 9th relating to COVID-19 and the economic stimulus packages. Many of these fraud reports are connected to email phishing campaigns that target remote, telework or furloughed employees.

In one type of phishing campaign, scammers send emails to workers telling them that their employment is being terminated as a result of COVID-19 and purports to offer termination package options. These termination email scams provide clickable links inviting the employee to attend a teleconference meeting or to obtain additional information concerning the termination packages. Instead, these links download malicious software or require the employee to enter personal information, such as a Social Security number, in an attempt to steal their identity and ultimately commit financial fraud that harms the employee. Employees who receive a suspicious email telling them they are being terminated should notify their human resources department or other designated person in the organization.

Continue reading

U.S. Department of Homeland Security Issues SAP Critical Vulnerability Alert

Written by:  Kathie McDonald-McClure

On Monday, July 13, 2020, the Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a SAP cybersecurity alert, No. AA20-195A, regarding a critical vulnerability that an unauthenticated attacker could exploit through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. CISA strongly recommends that organizations immediately apply patches, prioritizing internet-facing systems and then internal systems.  At least 15 SAP Java-based solutions are affected, including the SAP Supply Chain Management, the SAP Enterprise Portal, Central Process Scheduling and other widely used SAP applications.  See the Alert for the list of 15 affected SAP applications.

CISA/NCSC Joint Alert Warns of APT Groups Targeting Healthcare and Essential Services

by Margaret Young Levi and Kathie McDonald-McClure

On May 5, 2020, the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert warning of techniques that advanced persistent threat (APT) groups are using to exploit the COVID-19 pandemic.

APT groups target and exploit organizations responding to COVID-19, such as healthcare organizations, pharmaceutical companies, universities, medical research organizations, and local governments. These groups seek to steal “bulk personal information, intellectual property, and intelligence that aligns with national priorities.” For example, pharmaceutical companies, medical research organizations, and universities have been targeted in order to steal sensitive research into COVID-19-related medicine for both commercial and governmental benefit.

These cybercriminals employ a variety of techniques to steal data.

Continue reading