This article is advertising content.

A Message From Thomson Reuters

Ransomware: Modern Day Extortion

Names like “WannaCry” and “SamSam” pepper the news, and many organizations struggle with responding to this one-two punch of malicious software and extortion.

But exactly what is “ransomware”? How does it affect organizations? And what steps should you, as corporate counsel or an attorney advising businesses, or even as the operator of a business yourself, consider so that you and your clients can avoid becoming victims?

Ransomware Defined

Ransomware is a cyberattack that combines malicious software (malware) with extortion. Cyber criminals typically infect laptops, personal computers, or mobile devices.

How Ransomware Spreads

Cyber criminals may infiltrate their victims’ systems by:

  • Tricking individuals into opening an email attachment or clicking an embedded link. Spearphishing attacks target these messages to specific individuals or their roles in an attempt to make them appear legitimate.
  • Enticing individuals into visiting a particular website and downloading content that contains the malware, such as free games, pornography, or other apps
  • Infecting otherwise legitimate, but vulnerable, websites or software packages that then deliver the malware
  • Launching so-called drive-by attacks, in which criminals exploit web browser or other software vulnerabilities so that users with unpatched software need only visit a malicious or infected website

An Especially Serious Form of Ransomware: Crypto

Crypto is a serious version of ransomware because it can destroy data. Especially at-risk organizations include hospitals, law firms, local governments, and even law enforcement agencies.

Crypto ransomware operates by encrypting data files stored on computers and mobile devices, making the data unreadable or indecipherable without a decryption key. Cyber criminals install the malware and in essence lock the files while simultaneously demanding the target pay a ransom to obtain the decryption key to regain access.

Crypto ransomware can spread rapidly throughout an organization by:

  • Discovering and encrypting files on devices connected to the originally infected computer, including:
    • USB drives or other portable media
    • Shared network drives or shared file folders
    • Cloud storage
  • Searching for other computers, including servers and databases, networked with or accessible from the originally infected computer

Preventing Cyberattacks

Four key ways to protect against cyberattacks include:

  • Application whitelisting, which permits only known, safe applications or software to execute on your systems or hardware
  • Prohibiting external network connections to unknown or potentially hostile locations that may host command and control servers
  • Limiting administrative rights on end-user devices and access to crucial files and other data to only those with a demonstrated need to know
  • Segmenting networks to limit the malware’s spread, if a single device becomes infected

Detecting and Responding to Attacks

Five steps organizations can take to help minimize the impact of, and speed recovery from, a ransomware attack include:

  • Developing and regularly testing a comprehensive data backup and restore process, including backups for business-critical data that are not network-accessible to general end user devices.
  • Developing and regularly testing a cyber incident response plan.
  • Training workforce members to:
    • Identify potential attacks
    • Isolate infected devices, such as by disconnecting network connections
    • Immediately report incidents
    • Avoid performing their own investigations or otherwise sharing incident-related information without authorization
  • Implementing continuous monitoring and centralized logging controls to:
    • Quickly identify and remediate risks
    • Alert information technology staff to potential events
    • Maintain an event history to help identify when and where attacks occur
  • Being prepared to assess whether an attack triggers data breach notification or other regulations

This brief article on ransomware was adapted from one of the many Practice Notes available on Practical Law. To learn more, sign up for a free trial of Practical Law today.
