New Treasury Department Ransomware Advisories Warn that Ransom Payment May be Sanctionable

by Margaret Young Levi and Kathie McDonald-McClure

Cyber attacks using ransomware have been on the rise during the COVID-19 pandemic.  Ransomware, whether it encrypts computer files or locks an entire hard drive, can block access to an organization’s essential operating data, unless the organization can obtain a decryption key. In many if not most cases, a decryption key is only available by paying a ransom to the cybercriminal.

On October 1, 2020, the U.S. Department of the Treasury Office of Terrorism and Financial Intelligence announced the issuance of two advisories aimed at fighting ransomware scams and attacks.  In making the announcement, Deputy Secretary Justin G. Muzinich said:

Cybercriminals have deployed ransomware attacks against our schools, hospitals, and businesses of all sizes. Treasury will continue to use its powerful tools to counter these malicious cyber actors and their facilitators.

The advisories also warned that those who facilitate ransomware payments may be sanctioned for violating Treasury law and regulations. However, Treasury’s efforts to crack down on ransomware in this way places its victims in the crossfire.  Ransomware victims may feel they have no choice but to pay the ransom if this is the only way to regain access to essential data, which is often the case when the most recent data back-up is also attacked and a decryption key is not available by other means.  Moreover, paying the ransom may be a matter of public safety.  For example, ransomware that locks healthcare providers out of patient electronic medical records, attacks computers that support life-saving medical devices, or that shuts down computers connected to automobiles and other consumer devices, could pose a risk of injury or even death.

Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory, entitled “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments” (Treasury Advisory). The Treasury Advisory is intended to educate financial institutions and others involved in cyber incident response measures about ransomware trends and indicators of ransomware as well as related money laundering activities.  More specifically, the Treasury Advisory addresses the following areas of concern:

CONTINUE READING

Scammers Target Remote Workers with Email Phishing Campaigns

By Lindsay Scott and Kathie McDonald-McClure

According to a recent USA Today article, the Federal Trade Commission (FTC) reported that it had received 83,858 fraud reports this year through August 9th relating to COVID-19 and the economic stimulus packages. Many of these fraud reports are connected to email phishing campaigns that target remote, telework or furloughed employees.

In one type of phishing campaign, scammers send emails to workers telling them that their employment is being terminated as a result of COVID-19 and purports to offer termination package options. These termination email scams provide clickable links inviting the employee to attend a teleconference meeting or to obtain additional information concerning the termination packages. Instead, these links download malicious software or require the employee to enter personal information, such as a Social Security number, in an attempt to steal their identity and ultimately commit financial fraud that harms the employee. Employees who receive a suspicious email telling them they are being terminated should notify their human resources department or other designated person in the organization.

Continue reading

U.S. Department of Homeland Security Issues SAP Critical Vulnerability Alert

Written by:  Kathie McDonald-McClure

On Monday, July 13, 2020, the Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a SAP cybersecurity alert, No. AA20-195A, regarding a critical vulnerability that an unauthenticated attacker could exploit through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. CISA strongly recommends that organizations immediately apply patches, prioritizing internet-facing systems and then internal systems.  At least 15 SAP Java-based solutions are affected, including the SAP Supply Chain Management, the SAP Enterprise Portal, Central Process Scheduling and other widely used SAP applications.  See the Alert for the list of 15 affected SAP applications.

CISA/NCSC Joint Alert Warns of APT Groups Targeting Healthcare and Essential Services

by Margaret Young Levi and Kathie McDonald-McClure

On May 5, 2020, the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert warning of techniques that advanced persistent threat (APT) groups are using to exploit the COVID-19 pandemic.

APT groups target and exploit organizations responding to COVID-19, such as healthcare organizations, pharmaceutical companies, universities, medical research organizations, and local governments. These groups seek to steal “bulk personal information, intellectual property, and intelligence that aligns with national priorities.” For example, pharmaceutical companies, medical research organizations, and universities have been targeted in order to steal sensitive research into COVID-19-related medicine for both commercial and governmental benefit.

These cybercriminals employ a variety of techniques to steal data.

Continue reading

Data Security in the “New Normal” of Teleworking

By Margaret Young Levi and Kathie McDonald-McClure

The 2020 worldwide pandemic will go down in the history books much like the 1918 Spanish Flu.  One big difference between then and now: the technology that has enabled millions of us to remain moderately productive “at work” from the comfort of our homes.  Welcome to the “new normal” of telework.  Being comfy at work in yoga pants – saving time by not having to dress for “the office” as we once knew it.  Shorter commutes, with coffee refills only steps away in the “breakroom” – our kitchens.  Staying connected to our co-workers, clients and work associates in Brady Bunch style, creating a little mystique with virtual backgrounds on Zoom, Microsoft Teams or WebEx video conferencing platforms.

As relaxed as we may be in the new normal of teleworking, it’s not a time to relax when it comes to being vigilant in securing the confidences of our employers, employees, clients or customers.  Teleworking brings new technology challenges:  learning new software and conferencing programs, managing confidential paper documents, and protecting electronic data.  And since our homes are now an extension of our offices, these challenges may create additional exposure for employers. As office workers and healthcare providers switched to telework and telehealth under state stay-at-home orders, malicious cyber actors were ramping up to take advantage of the security gaps that would inevitably accompany such a sudden transition. Wyatt data privacy counsel offer practical tips to protect employer and client data, as well as personal information, in the new normal of telework.

Continue reading