Privacy & Cybersecurity Attorneys Glen Price and Leeann Habte Give Ransomware Tips for Businesses -
The recent high-profile ransomware attacks on the Colonial pipeline and JBS meat processing plants have heightened awareness of the threat of ransomware. For the thousands of businesses and public agencies that are hit with a ransomware attack each year, the threat is all too common and increasingly a cost of doing business.
The vast majority of ransomware attacks are simply the latest version of an old criminal enterprise: the protection racket. This is when a criminal organization targets you and, for a relatively small payment (average payout last year was $178,000), let you stay in business. The new twist is that, for the racket to work, they need to hit you first, taking over your network and your data and making you pay to get it back, which significantly increases the risk and the potential damage to your business operations.
How a Ransomware Attack Impacts a Business
A ransomware attack can negatively impact your business in a number of practical and legal ways. The first and most obvious impact is that your operations are suspended and you may not be able to deliver goods and services to your customers until you can get your network back up and running. Unless you have a business continuity plan and have carefully prepared to restore your system from backups, paying a six-figure ransom to get your business back up and running quickly may seem like a smart economic decision, particularly if the inability to ship product could result in liability due to breach of contract and other claims.
Unfortunately, the negative impacts can go far beyond your immediate operations.
A ransomware attack can involve the theft of your data and the private data of your employees, customers and business partners and there is no guarantee that the criminal organization that you pay ransom to will not take the opportunity for a separate payday selling this data on the dark web. This can lead to regulatory and legal liability for your business, requiring you to take steps to inform employees, customers and other third parties that their information may have been stolen and the purchase of identity theft solutions for potentially impacted individuals. The cost of complying with the law following a data breach can result in another six figure expense for your company. If your data included trade secrets and intellectual property, the future of your business and competitiveness in the market could also be impacted.
Steps to Take After Ransomware Attack
So how do you evaluate and address these risks when you have just learned of an attack on your company? There are a couple of important steps that you need to take immediately and time is of the essence:
This article first appeared in The Press-Enterprise and other Southern California Newspaper Group publications online on June 23, 2021. Republished with permission.