One year ago this week, we posted a blog explaining that the New York Department of Financial Services (NYDFS) issued a framework of seven best practices that insurers should adopt, including a recommendation that insurers stop paying ransom payments in response to ransomware. Now, North Carolina has enacted a statute that not only forbids its public entities from paying ransoms, but also prohibits public entities from communicating with ransomware threat actors. Instead, North Carolina public entities, including public schools and universities, are required to consult with the North Carolina Department of Information Technology (NCDIT).
Continue Reading To Pay the Ransom or Not to Pay the Ransom? North Carolina Tells its Public Entities the Answer is an Emphatic NO

Over the 4th of July holiday weekend, an affiliate of the Russia-linked criminal syndicate known as REvil succeeded in executing the single largest global ransomware attack on record with over one million firms affected worldwide. As a result of the intrusion, thousands of companies have reduced or entirely ceased operation. For example:


Continue Reading It May Take a Village: What the REvil Holiday Attack Teaches Us About the Evolving Threat