This blog is made available by Cameron Banks Law (“the Firm”) for informational purposes only and may be considered Attorney Advertising. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and/or up-to-date. The Firm makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. The Firm expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Cameron Banks Law be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect, special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third-party websites or the information, resources or material accessed through any such websites.

WHAT IS A RANSOMWARE ATTACK? 

Ransomware attacks occur when cybercriminals use malicious software, or “malware,” to block a computer, device, electronic system and/or data from use by its owner, and then demand a ransom payment before releasing it into the owner’s control, or a payment to prevent further public disclosure of that data (e.g. exposing private data on a public platform). The electronically stored data and files are encrypted and held hostage until the ransom is paid, usually in cryptocurrency — an anonymous and quick way for criminals to move funds.

The malware used to generate illicit revenue in this manner is generally referred to as ransomware. The software developers who make ransomware will solicit another criminal actor (sometimes terrorist or state actors) interested in demanding a ransom, and typically rent out the ransomware to that actor for a cut of the action. These two parties typically partner up with a hacker/compromiser to find a way into the target computer, device, system or data in order to launch a ransomware attack. 

DO I REALLY HAVE TO BE CONCERNED ABOUT A POTENTIAL RANSOMWARE ATTACK? 

YES! In 2020, an estimated 65,000 ransomware attacks occurred, eliciting over $400M in cryptocurrency payments. Notably, the victims of ransomware attacks are not only large multinational organizations. Ransomware spreads — quickly — to vendors and customers of larger institutions. Before the malware is even discovered, individuals and small businesses that have functioned without any IT specialists, cybersecurity experts or even cyber-insurance can fall victim to a debilitating ransomware attack. 

If you or your business has money and a digital presence, you need to be concerned about a ransomware attack. Cyber-incidents are constant: one frequently quoted statistic is that at least one cyber-attack occurs every forty seconds.

If you are a victim of a ransomware attack, you will receive a notification on your computer or device describing the system, data or files that have been encrypted, or locked, and what will happen to them if you fail to make a payment as instructed by a certain time. 

HOW DO I RESPOND TO A RANSOMWARE ATTACK?

SHOULD I PAY A RANSOM TO RELEASE MY OWN SYSTEM OR DATA BEING HELD HOSTAGE? 

The decision as to whether to pay the demanded ransom is not simple, and paying the demand is oftentimes not recommended. Your money is better spent investing in the preparations described below to help you withstand the almost inevitable ransomware attack. 

Parties launching a ransomware attack are criminals, so there is no guarantee that if you make a payment you will receive in return the encryption key needed to unlock your system, data, or files. Very often the encryption key released to the owner of the system or data held hostage doesn’t work effectively or at all, and the unlocked files or data end up being in disarray or irreparably corrupted and unusable.

Even though you may be the victim of a ransomware attack and are simply trying to reclaim your system or data, paying the demanded ransom can trigger federal and other reporting requirements, and possibly imposition of fines and penalties on you for making a payment — even unwittingly — to certain prohibited persons or those in prohibited countries. The recent advisories issued by the US Dept. of Treasury Office of Foreign Assets Control and the Financial Crimes Enforcement Network signal the current trend of the federal agencies expecting the private sector to take more aggressive proactive steps to counter cyber-incidents like ransomware attacks.*

Notwithstanding the potential penalties, any payment made in response to a ransomware attack will go to a criminal and there is a high likelihood that such funds will be used to support an organized criminal enterprise. Payment of the ransom, which is usually made by transmitting funds from the attack victim’s traditional bank account to a cryptocurrency exchange, can be considered a first step in the money laundering process. (Ransom payments are also made through a transfer of funds to an intermediary party, which can be a cyber-response company or cyber insurance company, or even third-party individual “money mules” who have been solicited by the cybercriminals; from there the funds are converted into cryptocurrency through an exchange.)

Without extensive blockchain analysis (performed by specialists), you will not know the hands into which a ransom payment will fall, leaving a real possibility that on top of a ransom payment you may catch federal fines and penalties as well. However, early reporting to law enforcement may be considered by federal agencies as a factor mitigating against such penalties. You can contact law enforcement including contacting your FBI Field Office or filing an online complaint or making a report to CISA.** 

Another reason to contact federal law enforcement is that the Dept. of Homeland Security, the Federal Bureau of Investigation, and Secret Service can all be helpful in the event of a ransomware attack. These federal agencies are quickly and constantly responding to such events. As a result, they may have previously encountered the specific ransomware being used in an attack, and have already secured the encryption key critical to unlocking the device, system or data being held hostage.

Additional members of your ransomware attack response team could, and should, include legal counsel to help you navigate the potential legal obligations triggered by your response to a ransomware attack, your cyber insurance company, and possibly other cyber response consultants and specialists that help negotiate ransomware payments for victims, and help with the ransomware decryption before any payment is made. 

CAN I PREPARE FOR A RANSOMWARE ATTACK?

YES! And you should because there is a high likelihood that you will encounter one. 

To be prepared means making it as difficult as possible for a hacker to find a way to enter your system, which is the essential initial step for ransomware to take control over your device or system. If the cyber criminals cannot enter your device or system, they cannot install the ransomware necessary to hold it hostage. But to make it difficult for cybercriminals to access your devices, systems and files, you are going to have to make it inconvenient for those who are authorized to access them — you, your employees, your vendors and maybe your customers.

In a world of ever increasing (and, inevitable) cyber-attacks, it is critical to shift our mindset and priorities from convenience to safety. Hackers prey easily on organizations that lack vulnerability scanning, grant access to their network through unsecured remote desktops, and are susceptible to successful phishing attempts. 

Ransomware attacks are not complicated – which is why criminals launch them successfully every day. Successfully preparing for a ransomware attack is not complicated either – it is also much cheaper and easier than trying to survive one unprepared. 

While it would be much easier to leave the front doors to our houses unlocked and open — not having to juggle keys and groceries to enter — we don’t do so because we do not want criminals ransacking our home, stealing our property, and holding our loved ones hostage. Just as we take basic steps to protect our homes and their contents, we have to take necessary, fundamental basic steps to protect our devices, systems and electronically stored data. 

There is no way to absolutely prevent a ransomware attack, but there are basic best practices that can do a good job of keeping your devices, systems and data harder to access and can make cybercriminals move on to another target. 

These practices are akin to closing and locking the front door to your house, turning on the porch light, and putting your valuable papers and jewelry in a hidden locked location. 

PREPARING FOR A RANSOMWARE ATTACK IS LIKE PREPARING YOUR HOME AGAINST AN UNWANTED BREAK-IN . . .

RECOMMENDED ACTIONS TO TAKE BEFORE YOU FACE A RANSOMWARE ATTACK 


STEP 1: Vulnerability Scanning – Walking the Perimeter to Find Easy Access Points:

It is definitely worth checking the perimeter of your network systems to find spots vulnerable to a ransomware attack before hackers do. Vulnerability scanning, along with regular timely patching While there are many companies available to help you walk the perimeter, it is definitely worth checking out the available services offered by the federal Cybersecurity and Infrastructure Security Agency (CISA) or emailing CISA at vulnerability_info@cisa.dhs.gov.

STEP 2: Consistent Employee Training & Reminders – Don’t Open the Door to Hackers:

Remember that “social engineering” (fooling or manipulating people to gain access to systems through phishing emails, business email compromise, invoice manipulation, financial fund transfers or other means) remains the easiest and most popular way for a hacker to gain access to your device(s), systems and data – the necessary and critical first step of a successful ransomware attack. By not opening up your devices, system or data to hackers when they “knock” through one of these ruses, you and your employees are keeping hackers out of your system. Every person has moments of forgetfulness, carelessness, or distraction during the workday that could easily result in the errant click or download that opens the door to a ransomware attack. Consistent employee training and reminders to be on alert and wary of hacking attempts can help prevent successful bids to break into your network.

STEP 3: Multi-Factor Authentication & Strong Passwords – Install Double Locks on the Door: 

Multifactor authentication (MFA) and passwords (strong ones, different ones) can help protect important systems and files. MFA is a method of verifying that the person trying to access a system is actually the person they claim to be, and helps combat “weak” passwords. Once a person enters a password, an MFA system requires verification through a second method unique to the individual accessing the system (e.g. a text message to a specific number, biometric data like a fingerprint, or an access token specifically assigned to an individual). This is especially important for the (hopefully very few) employees who have administrator accounts – those privileged accounts that have additional access to important files, systems and networks. Strong unique passwords and MFA are an absolute must for these special user accounts.

STEP 4: Segregated and Tested Backup Files & Systems – Hide and Lock-up the Valuables:

Having readily accessible and current backup files allows you to access your data without having to pay a ransom for it. Routine data and file backup is a good start, but those backup files and data must be segregated from your usual network and tested. In order to get paid, cybercriminals need to keep your files and data hostage so the ransomware will necessarily encrypt backup systems connected to the hacked network. If your backup data is segregated from your network, you are locking it up in a hidden location out of reach from cybercriminals. Once your files and data are backed-up and segregated — make sure to test that the backup works and you can quickly and effectively access your needed systems and data before falling victim to a ransomware attack. 

Another ransomware attack twist is that the ransom payment is not demanded for restoring access to data but instead to prevent public disclosure of sensitive data. Making sure such sensitive (usually personal) data is encrypted is also a critical step to protecting your company from a successful ransomware attack. 

STEP 5: Obtaining Cyber Insurance – Insuring Against Losses: 

Obtaining cyber insurance may not be as straightforward as you think — the policies are not standard, and in order to be covered you must specifically confirm whether you will be covered for ransomware attacks and/or social engineering schemes. If you aren’t managing the cybersecurity risks at your organization (including with some of the suggestions here) you may also find yourself in the position of not being able to obtain a policy or afford one. While you are thinking about cyber insurance for your own organization, also think about whether your vendors have adequate cyber policies that would cover losses to you or your company. 

STEP 6: Have a Cyber Incident Response Plan – Have an Escape & Recovery Plan:

Because almost all organizations rely on networks, systems and electronically stored data to function, they are all vulnerable to a cyberattack and should prepare to withstand and survive such an incident. It is critical for organizations to create an Incident Response Plan (IRP), the standard operating procedure for responding to or recovering from a cyber incident like a ransomware attack. Creating an effective IRP could help an organization avoid being sanctioned by regulators, held liable for losses by customers, and decimated by data (and reputational) loss. 

* The U.S. Dept. of Treasury Office of Foreign Assets Control (OFAC) guidance can be found at: https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf and the Financial Crimes Enforcement Network (FINCEN) guidance can be found at: https://www.fincen.gov/sites/default/files/advisory/2020-10-01/Advisory%20Ransomware%20FINAL%20508.pdf

** FBI Field Offices can be found at:  https://www.fbi.gov/contact-us/field-offices/ and online complaints to federal law enforcement can be made here:  https://www.ic3.gov/Home/ComplaintChoice and CISA complaints can be made here: https://us-cert.cisa.gov/forms/report

CONTACT INDIRA WITH QUESTIONS 

indira@cameron-banks.com 

424.757.0585 | 213.373.1894 (text) 

linkedin.com/in/indiraesq/
