Some forms of cyber extortion are automated and not targeted at any specific victim. For example, “ransomware” refers to a type of malware that prevents users from accessing their systems unless, and until, a ransom is paid. Although variants of ransomware operate differently, many encrypt the contents of a victim’s hard drive using asymmetric encryption in which the decryption key is stored on the attacker’s server and is available only after payment of the ransom. Victims typically discover the ransomware when they receive an on-screen message instructing them to transfer funds using an electronic currency, such as bitcoin, in order to receive the decryption key and access to their files. “CryptoLocker” is the most famous ransomware family and first appeared in 2013.

What to think about if your organization is impacted by ransomware: 

1. Is the ransomware designed to export data before encrypting it?
2. If so, did the impacted data contain any personally identifiable information that might implicate a data breach notification statute?
3. Is it possible for your organization to recover the impacted files using backup systems?
4. Is the variant of ransomware involved associated with a known criminal enterprise?
5. If your organization were to pay the ransom demand, is it likely that the recipient of the funds may be associated with terrorism or located in a restricted country?
6. Is cyber extortion and/or ransomware covered under your cyber insurance policy?

The following provides a snapshot of information concerning ransomware.

[1] FBI, 2014 Internet Crime Report at 47 available at IC3.gov (last viewed Nov. 22, 2015).

[2] Symantec, Security Response: The Evolution of Ransomware (Aug. 6, 2015) at 5.

[3] Id. (increase between 2013 and 2014).

[4] FBI, Ransomware on the Rise: FBI and Partners Working to Combat This Cyber Treat (Jan. 20, 2015).

[View source.]