July 12, 2020

Volume X, Number 194

July 10, 2020

Subscribe to Latest Legal News and Analysis

July 09, 2020

Subscribe to Latest Legal News and Analysis

Ransomware Attacks

Big name companies, government agencies and individuals are all falling victim to “ransomware” attacks in record and still-rising numbers. Recently, Hollywood Presbyterian Hospital’s communications capabilities were disabled for 10 days before the hospital paid a ransom of 40 bitcoins – about $17,000 – and regained access to its system.  All this activity has led experts to label 2016 as “the year of ransomware.”  And this new form of cyberattack requires a different approach to cybersecurity and incident recovery than your data breach prevention plan.

What is ransomware? Ransomware is malware that disables systems or encrypts data, critical system files and applications and demands a payment to re-enable or unlock them.  There are two kinds of ransomware:  “Locker,” which leaves data untouched by keeps owners from accessing it on their devices; and “Crypto-Ransomware” which leaves users with access to their computers but encrypts their files and applications; once the ransom is paid, the hackers send a decryption key.

A similar form of attack has also increased: cyber-blackmail. In these cases, the attacker copies confidential email and files of the target then threatens to release them publically unless a ransom is paid.

How does ransomware get onto companies’ systems? Ransomware may be downloaded in a variety of ways:  via “phishing” schemes, in which employees are induced to click on harmful links or download harmful files; by downloading infected apps; or through compromised ads (known as “malvertising”) on mainstream sites.  Hackers are increasingly sophisticated and creative in using a wide variety of means to introduce ransomware onto computers and mobile devices.

How do I know if my systems have been infected by ransomware? Ransomware encrypts files on the victims computers and flashes users a message instructing them to pay a ransom in bitcoin.

Example of “TeslaCrypt” warning

pic 1

Example of “CryptoLocker” warning  

pic 2

Example of “Locky” warning

pic 3

How much ransom do the hackers demand? Most demands have ranged from the hundreds of dollars (for individual computers or mobile devices) to the tens of thousands of dollars, but the amounts appear to be increasing.

How do I protect my company from a ransomware attack?

  • Back up all of your critical applications and data – and test the backup systems to be sure they can be restored before you have an attack.

  • Make sure your system includes robust firewalls and that your Intrusion Detection/Prevention Systems are up to date.

  • Whenever possible, keep data encrypted, whether in transit or stationary. While encryption will not prevent a ransomware attack, it will protect your data from being used for financial gain.

  • Restrict access to sensitive files

  • Ensure all employees are aware of the threats and methods of attack and are following sound cybersecurity policies

  • Keep a copy of your emergency response plan – including phone numbers of key contacts – somewhere other than on your company’s systems.

What should I do if my company suffers a ransomware attack? Involve your outside counsel so that your decision-making process and investigation are protected by the attorney-client privilege. You then have several options: (1) Pay the ransom. In most cases, system access is restored after payment of the ransom, but there is no guarantee; (2) If you have backups and redundancies, you may be able to restore your systems without paying the ransom; (3) engage a security/forensic company for assistance in freeing your systems; (4) alert the Secret Service or other law enforcement agency. They may investigate, but may not be able to assist you in freeing your systems.

If I choose to pay the ransom, how and where do I get bitcoin?  

Do not follow the payment links suggested by the ransomware as they may introduce malware that will further compromise your computers and files. In most cases, the ransomware will require payment by bitcoin because such payments cannot be reversed, and because it will be very difficult for anyone to identify the recipient. If your outside counsel has experience responding to ransomware attacks, they can help you with the logistics of buying and sending bitcoin. You will need to open an account with reputable bitcoin exchange and purchase sufficient bitcoin. How much information the company will need and how long this will take depends on the amount of the bitcoin you need to purchase, and the speed of the exchange company’s intake process, but it may take two or three days after the ACH payment is initiated before exchanging the dollars sent for bitcoin. Once the bitcoin is in the bitcoin wallet associated with your account, you will be able to pay the ransom nearly instantaneously.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume VI, Number 88


About this Author


Laura Jehl is a partner in the Business Trial Practice Group in the firm’s Washington, D.C. office. Ms. Jehl is a privacy and cybersecurity expert and serves as Co-Leader of the Privacy and Data Security Practice.

Ms. Jehl has more than two decades of in-house and private practice experience, and has represented clients on a wide range of business and legal matters, including privacy, data security, breach response, litigation and government investigations, crisis management, Internet, digital media, technology and First Amendment matters. Most...

Alexander Major, Legal Specialist, Sheppard Mullin,  Government Contracts

Alex Major is an associate in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Areas of Practice

Mr. Major's professional experience involves a wide variety of litigation, administrative, and counseling issues related to federal procurement laws. His diverse experience includes complex litigation in federal court under the qui tam provisions of the False Claims Act and bid protest actions. He counsels large and small companies on issues relating to compliance with government regulations including, among other things, multiple award schedule requirements and compliance, country of origin requirements under the Buy American and Trade Agreements Acts, merger and acquisition due diligence, cost accounting, subcontracting disputes, and small business requirements. He also regularly conducts compliance reviews and internal investigations to assist companies ensure that they are in full compliance with the law.

adam ettinger, sheppard mullin, corporate attorney, technology lawyer

Adam Ettinger is a partner in the Corporate Practice Group in the firm’s Century City and Palo Alto offices. His practice focuses on venture financing, technology development, channel relationships, intellectual property, licensing, privacy, online advertising, and e-Commerce.

Mr. Ettinger represents leaders in semiconductors, networking technology, digital currencies, social gaming, internet advertising and mobile apps.  His clients have included AMD, Apple, BitGo, DeviceScape, Intel, Lucrative Gaming (fgl), Magma Design, Network Solutions Inc...