PROCIRCULAR BLOG

Educating your business on the importance of cybersecurity

Rolling the Dice on Cybersecurity: Lessons from the MGM Breach

Posted by Jake McGreevy on Oct 18, 2023 11:17:58 AM

You may have seen it in the news, but another major company has been a victim of a nasty ransomware attack that disrupted services and customers for over ten days. This time, the victim was MGM Resorts in Las Vegas.

What separates this major incident from others is that the hackers pulled the malicious attack off using one of the oldest tricks in the book: social engineering. So, what happened, and what can we learn from this?

Read More

Topics: Cybersecurity, Network Security, Data Breach, Data Security, security incident handling, risk, Ransomware, social engineering

Legality of Ransom Payments

Posted by Aaron R. Warner on Feb 1, 2022 3:44:30 PM

As clients begin to recognize and prepare against the threat of ransomware attacks, one tricky question keeps coming up. Is paying a ransom “illegal yet?”. No company is champing at the bit to make unplanned payments, especially not to potential terrorists on the OFAC list, but the legality of the matter depends on a few factors. *Please note that ProCircular does not provide legal advice, rather, we disseminate guidance from the top legal authorities.

As a cybersecurity professional and business owner, I keep a close eye on the everchanging recommendations surrounding ransomware attacks and incident management. I found the following document to be one of the more up-to-date (at least by government standards) and straightforward pieces available on the topic. Here's the short version:

“In the context of hostage-taking, for example, DOJ clarified in 2015 that it “has never used the material support statute to prosecute a hostage’s family or friends for paying a ransom for the safe return of their loved one.”67

Basically, there is a low likelihood of prosecution for making ransom payments, even when it is paid to a known threat actor on the OFAC denied persons list. I would only expect to see legal action taken if a very large company went through with the payment while it was expressly illegal. Even then, the punishment would be intended to make an example rather than punish the victim.

Read More

Topics: Incident Response, Ransomware

  • There are no suggestions because the search field is empty.

ProCircular is a Full-Service Information Security Firm

We are passionate about helping businesses navigate the complex world of information security, and our blog is another great source of inforamtion. We can assist you no matter where you are in your security maturity journey:

  • Breached or hit with ransomware?
  • Don't know where to start? 
  • Looking to confirm your security with a third party?

Secure your future with ProCircular.

Recent Posts

Subscribe to Email Updates