Ransomware Planning and Response Best Practices

By: Nolan Goldberg and Anisha Shenai-Khatkhate, Proskauer Rose LLP

Ransomware attacks have become a prevalent cybersecurity threat. These attacks pose significant legal and financial risks to both individuals and organizations. This article addresses steps to take to minimize the risk of a ransomware attack and reduce the harm that a successful attack can cause

What Is Ransomware?

Ransomware is a form of malicious software (malware) installed by a hacker that blocks access to files on an infected computer or network until the victim pays the hacker a fee or ransom. The malware often disables access using one of the following methods:

• Encryption. The ransomware software encrypts whatever files it can access and informs the user that access will be restored in return for a demanded sum.
• Lock-out. Another method involves locking victims out of their operating systems so that the victims cannot access anything on their computers.

Hackers typically demand payment in Bitcoin or other cryptocurrency because these forms of payment are difficult to trace. Hackers often impose a deadline for making payment, claiming that if a victim does not pay by a certain date, the hacker will permanently destroy the hijacked files or increase the amount of the demanded ransom. These time-sensitive tactics reinforce the importance of preemptively developing and training on a response and recovery plan as there may not be time to responsibly develop and execute a plan when an attack occurs.

Often hackers fraudulently use law enforcement images, messages, or symbols in a ransomware attack to make victims believe they are obligated to pay due to their own wrongdoing. For example, a hacker may display the FBI logo along with a false message that illegal download or file-sharing activity was detected on the computer, and the victim must pay a fee to regain access.

Each year, the frequency of these attacks increases. Some of the criminals behind these attacks are countries desperate for hard currency. For example, North Korea is widely believed to have been behind the worldwide WannaCry attacks in 2017. However, ransomware authoring tools are available on the internet. As a result, a relatively unskilled criminal can undertake a complex attack. In addition, the rise of anonymous cryptocurrencies makes it difficult to track the ransom payment to the criminal.

To read the full practice note in Lexis Practice Advisor, follow this link.

Nolan Goldberg is a litigator with Proskauer Rose LLP, whose practice focuses on matters that have complex computer technology-related issues, including cyberlaw, patent and trade secret litigation, and commercial disputes. In the context of data security, Nolan uses his electrical engineering background, coupled with a litigation and risk management-centric focus, to assist companies in all phases of incident response. Nolan often acts as a bridge between the technical and legal response teams (both inside and outside forensic consultants) and uses this intimacy with the facts to develop defenses and strategies that might otherwise be overlooked or less effective. And when it comes time to defend the company in litigation or before the regulators, Nolan uses this deep familiarity with the company and its systems to great effect. Nolan is certified by the International Association of Privacy Professionals as a Certified Information Privacy Professional (CIPP) and a Certified Information Privacy Technologist (CIPT). Nolan is also frequent author and speaker on the intersection of technology and law. Anisha Shenai-Khatkhate is an associate in the Litigation Department at Proskauer Rose LLP. Her practice focuses on matters pertaining to intellectual property and privacy law.

Related Content