Regulatory and Policy Developments: Ransomware Sanctions, NIS2, and Vulnerability Disclosure
Key Questions
What sanctions has the EU imposed on ransomware actors?
The EU sanctioned Vitaly Nikolayevich Kovalev ('Stern'), the Trickbot/Conti leader linked to over $300M in ransoms.
Which VPN provider faced US sanctions for ransomware facilitation?
The US Treasury sanctioned First VPN Service, marking the first such action against a VPN provider enabling ransomware operations.
What did Australian regulators decide regarding Qantas?
Australia's regulator ruled that Qantas breached security obligations despite having good security measures, shifting liability expectations.
Why is NIS2 compliance a focus for manufacturers?
NIS2 expands scope to manufacturing with requirements for OT/IT convergence, supply chain security, and practical compliance roadmaps.
What are CISA and partners urging for vulnerability disclosure?
CISA and international partners recommend formalizing vulnerability disclosure programs to align with Secure by Design principles as AI accelerates threats.
EU sanctions Trickbot/Conti leader 'Stern' (Kovalev) for $300M+ ransoms. US Treasury sanctions VPN provider for enabling ransomware. Australian regulator rules Qantas breached despite good security, shifting liability. NIS2 compliance is now a major focus for manufacturing and other sectors, with practical roadmaps and Omnibus amendments. CISA and international partners push for formalized vulnerability disclosure programs, aligning with Secure by Design. NSA/CISA warns critical industries about Russia-linked hackers targeting routers.