Around for a while now, ransomware is big business for cyber criminals, with attacks generating multi-millions of dollars to cyber criminals per year. Two recent and significant attacks have brought ransomware to the forefront once again.
For those still struggling with the terminology, ransomware is a form of "malware" – a malicious program that disrupts the normal operations of a computer, a server, an entire network, or even a cell phone. The malicious programming can disrupt systems in several different ways – most commonly by either blocking a user's access to a computer or system or by encrypting the data on the computer/system. Some ransomware, though, will actually take your data (which itself could have significant additional legal ramifications). As the name suggests, a ransomware program holds a victim's phone/computer/system/data captive in exchange for payment of a ransom, which can range anywhere from a couple of hundred dollars to thousands or even tens of thousands of dollars, and occasionally more.
What can you do to avoid being infected? Although completely avoiding ransomware, or any other form of cyberattack, may not be realistic, there are a number of steps available to minimize the risk of an attack:
- As with any form of malware, do not give the ransomware easy access to your system – i.e. do NOT click on links or attachments contained in suspicious emails and NEVER provide user name or password information in response to unsolicited e-mails or phone calls.
- Ensure that all of your software is up to date with the most recent patches and updates – the recent Wannacry ransomware specifically exploited computers and systems that were not properly updated or that were outdated and no longer supported by the developer.
- Have appropriate – and up to date – anti-virus and anti-malware software.
- Restrict access to the types of websites that can be accessed from systems that house important and sensitive data. IT Departments or third-party vendors can create internet filters that will not permit employees to access certain websites through work systems. These filters would prevent employees from accessing questionable websites that might contain malware. For that matter, restricting who has access to vital systems should also be explored – in other words, does every person who has credentials to use a system need to have access to that system?
- Have an appropriate back-up system. In the event of a ransomware attack, if your data is only housed on an active system that becomes infected by ransomware, you will truly be at the mercy of the criminal and, even if you pay the ransom, may have to go through extraordinary expense to restore or recreate your system and data. Having an appropriate back-up system could permit you to avoid the ransom altogether and/or significantly reduce the expense of restoring your system.
Ultimately, with the ever-increasing sophistication of hackers and the malware they employ, you may not be able to avoid a ransomware attack or other cyber breach, particularly given our expanding reliance on computer systems and electronically-stored data. Taking the steps outlined above can reduce your risk of a breach, but it is also vital to prepare for a potential ransomware attack or cyber breach by:
- Creating a breach response team (both internal and external) and developing policies to address steps to be taken in the event of a breach. This will help alleviate the inevitable panic associated with a breach and save precious time in determining what options are available to contain the breach and protect/recover data.
- Knowing what data you have and where it is stored. This process, called "data mapping," is another step that every company should undertake and incorporate into its policies and data security practices.
- Obtaining appropriate cyber liability insurance. Cyber liability insurance could provide coverage for a ransomware attack and its consequences, and it could be vital in the event of any form of cyber breach. Businesses should speak to their insurance specialists and legal counsel to determine appropriate insurance coverage options.
Finally, what should you do if you become the victim of a ransomware attack? As an initial matter, it is important to immediately engage experienced professionals, including counsel, to guide you through the process, coordinate efforts with (and create attorney-client privilege for the work performed by) a forensic IT firm, assess potential insurance coverage, determine when and how best to coordinate with law enforcement, and assess whether the ransomware attack could trigger any other legal requirements – in particular notification requirements – under various state and federal laws. In the end, victims may decide that their best (and possibly only) option is to pay the ransom and hope they actually can recover the data. But they should be sure that is an informed decision.
Sadly, as noted above, these issues are going to continue as our reliance on new technologies continues to expand, but the old adage "an ounce of prevention is worth a pound of cure" remains as apt now as it was in the years before the term cyber security was coined. As a result, conducting regular training, creating appropriate policies and practices, and controlling those factors over which you have control (obtaining suitable cyber liability insurance, updating systems, having appropriate back-up systems) will help minimize the risk of a ransomware (or other cyber) attack, and will place you in the best possible position to respond and mitigate the damages caused by an attack.
If you have any questions about this alert or our Cybersecurity service offerings, please feel free to call or e-mail Nicholas J. DiCesare at (716) 566-1524 or ndicesare@barclaydamon.com or any of the Barclay Damon attorneys with whom you normally work.