Nov. 25, 2020

All About Ransomware

Ransomware is one of the fastest growing cyber threats, with increasingly sophisticated attacks rising on entities from hospitals to municipalities. This risk has been exacerbated by the pandemic and the additional attack surfaces created by remote work environments. In this special issue, we bring you articles from our 2020 archive that discuss how to detect, prevent and respond to ransomware attacks. We will return with a regular issue on December 2, 2020, after the U.S. Thanksgiving holiday.  

Steps to Take After OFAC and FinCEN’s Warnings on Ransomware Payoffs

Two new Treasury Department advisories will complicate companies’ decisions about whether to pay extortionists who have paralyzed their systems with ransomware attacks. The OFAC advisory urges companies to diligently check that shadowy payees are not tied to sanctioned entities, while FinCEN is requesting a suspicious activity report on payoffs. In this article, the Cybersecurity Law Report discussed with lawyers and consultants from ACA Aponix, Drawbridge Partners, Hogan Lovells, Kivu Consulting, Lockton Companies and Morrison & Foerster the key aspects and impacts of the advisories for victims, financial institutions, cybersecurity vendors and insurers, and practical takeaways.  

Identifying and Preventing Ransomware Attacks

A July 2020 SEC Office of Investigations and Examinations cybersecurity risk alert focused on ransomware – a persistent and evolving threat to financial firms, as demonstrated by the attack on TCW Investment Management. In this guest article, Simon Eyres, a managing director at Drawbridge Partners, discussed the best practices identified by the alert to prevent, detect and mitigate the damage from ransomware attacks, and the threat environment in the financial services sector. 

Action Steps to Respond to Ransomware Attacks

Businesses are facing a surge of ransomware attacks during the COVID-19 pandemic as cybercriminals exploit employee distraction and the increased attack surfaces due to widespread remote working. Even before the pandemic, ransomware was transforming into a double-damage attack, as several criminal groups began adding theft of sensitive data to the crippling of computer systems. Maze-style attacks, named after the pioneering Maze Group gang, also often include threats to publicize the hack. Our checklist offers direction for companies to prepare and respond to these complicated cyberattacks and included considerations for developing a ransomware plan and a corporate ransomware payment policy, as well as ten immediate communication steps to take after an attack. 

Managing Ransomware’s Mutation Into a Public Data Breach

Ransomware crimes in recent months have undergone a game-changing transformation that carries higher stakes for victim companies than earlier forms of these attacks, according to speakers at Cybersecurity Docket’s recent Incident Response Forum. The Maze network and other cyber extortionists are not just locking up victims’ files with ransomware to make them unusable, but also to extract sensitive company data. The attackers then threaten to publish the data and to publicly trumpet their successful attack unless the victim pays the ransom. Panelists from Alston & Bird, the DOJ and Sard Verbinnen discussed the new wave of data-stealing ransomware attacks, and detailed specific steps business can take to prepare and respond to a combined ransomware attack and data breach. 

DOJ Guidance on How Companies Should Pursue Stolen Data on the Dark Web

Responding to an expanding market for cyber threat intelligence services, the DOJ published guidance in February 2020 on the legality of intelligence-gathering practices and buying data from illicit sources. In this article, the Cybersecurity Law Report spoke to John Carlin, partner at Morrison & Foerster and former Assistant Attorney General of the DOJ’s National Security Division, about the Department’s motivations for issuing this guidance, its tips and best practices, and the growing expectation that large companies will conduct threat research on the dark web.  

Preparing for and Responding to Ransomware Attacks

Ransomware and cyber extortion have been on the rise, and companies are struggling with whether to pay the demand and how to contain the damage. This article presents insight from Morrison & Foerster partners Christine E. Lyon and John P. Carlin and counsel Alex Iftimie about the current threat environment and the ways businesses can prepare for, and respond to, these increasingly sophisticated attacks.