Ransomware Planning and Response Best Practices

Posted on 09-12-2018

By: Nolan Goldberg and Anisha Shenai-Khatkhate, Proskauer Rose LLP

Ransomware attacks have become a prevalent cybersecurity threat. These attacks pose significant legal and financial risks to both individuals and organizations. This article addresses steps to take to minimize the risk of a ransomware attack and reduce the harm that a successful attack can cause.

What Is Ransomware?

Ransomware is a form of malicious software (malware) installed by a hacker that blocks access to files on an infected computer or network until the victim pays the hacker a fee or ransom. The malware often disables access using one of the following methods:

  • Encryption. The ransomware software encrypts whatever files it can access and informs the user that access will be restored in return for a demanded sum.
  • Lock-out. Another method involves locking victims out of their operating systems so that the victims cannot access anything on their computers.

Hackers typically demand payment in Bitcoin or other cryptocurrency because these forms of payment are difficult to trace. Hackers often impose a deadline for making payment, claiming that if a victim does not pay by a certain date, the hacker will permanently destroy the hijacked files or increase the amount of the demanded ransom. These time-sensitive tactics reinforce the importance of preemptively developing and training on a response and recovery plan as there may not be time to responsibly develop and execute a plan when an attack occurs.

Often hackers fraudulently use law enforcement images, messages, or symbols in a ransomware attack to make victims believe they are obligated to pay due to their own wrongdoing. For example, a hacker may display the FBI logo along with a false message that illegal download or file-sharing activity was detected on the computer, and the victim must pay a fee to regain access.

Each year, the frequency of these attacks increases. Some of the criminals behind these attacks are countries desperate for hard currency. For example, North Korea is widely believed to have been behind the worldwide WannaCry attacks in 2017. However, ransomware authoring tools are available on the internet. As a result, a relatively unskilled criminal can undertake a complex attack. In addition, the rise of anonymous cryptocurrencies makes it difficult to track the ransom payment to the criminal.

 

To read the full practice note in Lexis Practice Advisor, follow this link.

 


Nolan Goldberg is a litigator with Proskauer Rose LLP, whose practice focuses on matters that have complex computer technology-related issues, including cyberlaw, patent and trade secret litigation, and commercial disputes. In the context of data security, Nolan uses his electrical engineering background, coupled with a litigation and risk management-centric focus, to assist companies in all phases of incident response. Nolan often acts as a bridge between the technical and legal response teams (both inside and outside forensic consultants) and uses this intimacy with the facts to develop defenses and strategies that might otherwise be overlooked or less effective. And when it comes time to defend the company in litigation or before the regulators, Nolan uses this deep familiarity with the company and its systems to great effect. Nolan is certified by the International Association of Privacy Professionals as a Certified Information Privacy Professional (CIPP) and a Certified Information Privacy Technologist (CIPT). Nolan is also a frequent author and speaker on the intersection of technology and law.

Anisha Shenai-Khatkhate is an associate in the Litigation Department at Proskauer Rose LLP. Her practice focuses on matters pertaining to intellectual property and privacy law.


Related Content

For information on planning for and responding to data breaches, see

> DATA BREACH PLANNING AND MANAGEMENT

RESEARCH PATH: Data Security & Privacy > Data Breaches > Planning > Practice Notes

For a list of steps to take to safeguard websites and IT systems against malicious attacks, see

> PREVENTING ATTACKS ON IT SYSTEMS AND WEBSITES CHECKLIST

RESEARCH PATH: Data Security & Privacy > Data Breaches > Planning > Checklists

For examples of internal policies regarding data security best practices, see

> CYBERSECURITY RESILIENCE IMPLEMENTATION PLAN AND WRITTEN INFORMATION SECURITY PLAN

RESEARCH PATH: Data Security & Privacy > Cybersecurity Risk Management > Forms

For a detailed discussion about the Federal Trade Commission’s (FTC) role in regulating and protecting consumer privacy, see

> FTC DATA SECURITY GUIDANCE AND ENFORCEMENT

RESEARCH PATH: Data Security & Privacy > Cybersecurity Risk Management > Practice Notes

For more guidance on state laws regarding data protection obligations, see

> DATA BREACH NOTIFICATION ENFORCEMENT AND PENALTIES STATE LAW SURVEY, IDENTITY THEFT STATE LAW SURVEY, PROTECTION OF PERSONAL INFORMATION IN GOVERNMENT RECORDS STATE LAW SURVEY, AND > THIRD-PARTY DISCLOSURE OF PERSONAL DATA STATE LAW SURVEY

RESEARCH PATH: Data Security & Privacy > State Law Surveys and Guidance > Privacy & Data Security State Law Surveys > Practice Notes

For additional information, see

> CYBERSECURITY INSURANCE INITIAL CONSIDERATIONS

RESEARCH PATH: Data Security & Privacy > Cybersecurity Risk Management > Practice Notes

For assistance in drafting a comprehensive data breach avoidance plan, see

> DATA BREACH AVOIDANCE AND RESPONSE PLAN CHECKLIST

RESEARCH PATH: Data Security & Privacy > Cybersecurity Risk Management > Checklist

For an overview of the General Data Protection Regulation, see

> GENERAL DATA PROTECTION REGULATION (GDPR) AND > MANAGING DATA SECURITY BREACHES UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)

RESEARCH PATH: Data Security & Privacy > International Compliance > General Data Protection Regulation (GDPR) > Practice Notes