To print this article, all you need is to be registered or login on Mondaq.com.
With ransomware attacks on the rise, potential targets in
sectors including retail,1 food,2
healthcare3 and life sciences, critical
infrastructure,4 financial services, and
government5 must face the increasing likelihood that
nefarious global actors will take their most critical systems
Am I the Victim of Ransomware?
Not every hacking event counts as “ransomware.” At its
most fundamental, ransomware is malicious software deployed by bad
actors to encrypt or otherwise make the victim’s data
unavailable until a ransom is paid. The specific nature of these
attacks is evolving, however. In the past, hackers would simply
encrypt a target’s systems and then hand over the decryption
keys (most of the time) once the ransom had been paid.
Increasingly, however, hackers are now also stealing data that
has been encrypted and threatening to release that data publicly or
to sell it on the dark web. Any malware is bad malware, but
ransomware comes with a specific set of consequences and
obligations. If you have been hit with ransomware, you will want to
take certain steps.
What Can I Do Once My Systems Are Held for Ransom?
As ransomware methods evolve, so will the resulting business and
legal consequences. Although a megabyte of prevention is worth a
terabyte of cure, there are steps you can – and should
– take if hackers hold your systems for ransom to minimize
the consequences and mitigate future risk. These measures are
listed in a roughly chronological order, but many may take place
simultaneously or in a different order depending on the nature of
Follow the Plan (If You Have One)
If you find that your systems have been locked up, the very
first measure you should take is to consult your incident response
plan (“IRP”), if you have one. Ideally, your IRP should
address the measures below. If you do not have an IRP, you will
want to implement one once the dust has settled and you have
learned lessons from the ransomware attack. Or better yet, if you
do not have one, you will want to develop and test an IRP…