(844) 627-8267 | Info@NationalCyberSecurity
(844) 627-8267 | Info@NationalCyberSecurity

Ransomware Attacks On Major Corporates – Security | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

To print this article, all you need is to be registered or login on Mondaq.com.

On May 28 2023 major corporations started to announce attacks by
CLOP ransomware group on their systems. CLOP is widely thought to
operate from the Russian Federation. Victims are said to include
Procter and Gamble, Virgin, Saks and others.

Attacks from Non/Quasi State actors can be expected to rise with
international tensions.

Today (07.06.2023), CLOP used its dark web website to announce
that personal information, including customer bank account details,
would be released on the web:

“We deliberately
did not disclose your organization wanted to negotiate with you and
your leadership first,” reads a Clop ransom note sent during
the GoAnywhere extortion attacks.

“If you ignore us,
we will sell your information on the black market and publish it on
our blog, which receives 30-50 thousand unique visitors per day.
You can read about us on Google by searching for CLOP hacker

Microsoft attributed the ransomware attack to vulnerabilities in
the Zero-day MOVEit Transfer platform.

The attacks started on or around 27 May – the Memorial Day
holiday weekend.

Having an interest in International Law, the attack raises
questions of State responsibility for Non/ Quasi State actors. What
duties does the Russian Federation have to prevent and prosecute
such actions? What State responsibility does Russia bear if it
fails to take reasonable and proportionate actions in those
regards. I am going to leave that aside for another article.

What are the legal duties on firms who discover they have been
hacked? Perhaps this is a far more practical question.

  1. Contact the Information Commissioners Office.

  2. Contact your internet provider and their security systems. You
    will need to know what was taken and to whom the information

  3. Act immediately. If you hesitate, the damage may be greater and
    the ICO will want to know why.

Your duties

  • Ensure the ‘confidentiality, integrity and
    availability’ of systems and services and the personal data you
    process within them.

  • You must be able to restore access and availability to personal
    data in a timely manner in the event of a physical or technical

  • You must have appropriate processes in place to test the
    effectiveness of your measures and undertake any required

  • Your security measures must be proportionate to the sensitivity
    of the information held. If you hold sensitive medical data, your
    security measures must reflect this risk.

[Source ICO 07.06.2023]

In short,

  1. Know your security measures protecting your IT.

  2. Make sure they are adequate to the risk.

  3. Act quickly if you have a suspicion.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.


ChatGPT – Generative AI And The Law

Gatehouse Chambers

Readers will probably have heard by now of OpenAI’s ChatGPT. Many of you will have experimented with it, or one of the other available generative artificial intelligence (AI) models such as Microsoft’s Bing.

AI And The UK Regulatory Framework

Norton Rose Fulbright

In March 2023, the Department for Science, Innovation and Technology published a white paper detailing its proposed approach to regulating artificial intelligence (AI) in the UK.

Why GPT Matters

IR Global

Corporate legal departments are increasingly receiving requests from their business clients to use GPT in their operations


Click Here For The Original Source.

National Cyber Security