What Can Businesses Do About Ransomware Attacks?

Use these links to jump to different sections:

• What Is Ransomware?
• Taking Proactive Steps Against Cyber Threats with Attorney Guidance
• Getting Insured Against Ransomware Threats
• Planning for Incident Response
• Responding to an Incident
• Prompt Communication is Essential
• Find an Attorney Who’s Experienced in Cybersecurity

With ransomware attacks on the rise, more businesses are turning to attorneys for advice on preventing and responding to these cybercrime incidents.

What Is Ransomware?

Ransomware is defined as malware—software designed to interfere with a computer’s normal functions—that requires the victim to give a ransom payment to access the files it encrypted.

The longer ransomware keeps business systems encrypted, the more significant the impact, says Jena M. Valdetero, co-chair of Greenberg Traurig’s U.S. data privacy and cybersecurity practice. “It’s such a devastating experience for companies.”

Valdetero and her team hear weekly from clients about confirmed ransomware attacks. “That’s been going on at that pace for about three years now,” she says. “Before that, ransomware was occurring, but it wasn’t at the degree to which we see it these days.”

Taking Proactive Steps Against Cyber Threats with Attorney Guidance

Attorneys can advise businesses on everything from consulting information technology experts to understanding cyber insurance and planning for incident response. They can help clients address legal requirements and risks, and working through one to engage experts—like forensic firms—also allows a client to have work done under privilege. “We try to be more on the proactive side as much as we can,” says Daniel A. Cotter, a partner at Howard & Howard Attorneys in Chicago.

Attorneys agree it’s essential for business systems to be secure and up to date, with IT professionals leading technical incident-prevention measures—such as endpoint detection, response, and data backup strategies, among other things.

“Working with an attorney to prepare for an incident can make a big difference in how you handle the situation, should it arise,” adds Liisa M. Thomas, leader of Sheppard Mullin’s privacy and cybersecurity team. “We work with our clients to assist them in evaluating—and, if necessary, ameliorating—their security measures, with an eye towards how those measures might be viewed by regulators or class action attorneys in the event of a data breach.”

Cotter echoes that businesses should do the appropriate IT work “behind the curtains. These attackers are constantly looking for vulnerabilities.”

Getting Insured Against Ransomware Threats

“It’s important to have cyber insurance in place to be able to respond to some of the costs that will be incurred as a result of the ransomware or other attacks,” says Cotter.

Valdetero adds that businesses should know what their policies do and do not cover. For example, a policy might require the utilization of preferred vendors. “If you call your trusted external vendor and then find out two or three days later that your carrier isn’t going to approve the vendor’s bills because they’re not preapproved, you don’t want to have to switch horses in the middle of the race,” she says. “But you also don’t want to jeopardize coverage.”

Planning for Incident Response

How can businesses be well prepared and retain business continuity when facing a ransomware attack? By working proactively with an attorney to create an incident-response plan where timing and communication are key.

For example, it’s important to identify the employees who should be involved in the response, as well as the contact information for business leaders. Valdetero advises the plan be short enough to be usable in a crisis. She also recommends businesses conduct a mock incident-response exercise. “It makes it much easier to respond quickly and more effectively if you do have a real incident,” she says, ”because your team will have developed muscle memory from the exercise.”

Responding to an Incident

Being able to respond rapidly—in the first few hours and days following a ransomware incident—is important. An attorney can help a business understand and fulfill its legal and contractual obligations, as well as its obligations to notify regulators.

“There are a growing number of laws that require notification within a very short timeframe,” says Valdetero, who adds that the landscape can be complicated. “The global nature of companies and multistate nature of data collection tends to find most companies who have data theft in a situation where they are reviewing the laws of multiple states—and, sometimes, multiple countries.”

Prompt Communication is Essential

Due to the complexity—and to ensure that investigations are conducted under privilege—Thomas says, “You really want to call counsel as soon as humanly possible.”

Cotter adds that the first call after an attack should be to counsel. Attorneys will coach businesses about navigating next steps—such as contacting law enforcement, cyber-insurance providers, and vendors like forensic investigators or public relations companies. “We need to act pretty quickly,” he says.

Above all, communications is “a super important piece” for mitigating reputational damage from sensitive data breaches, says Valdetero. “Cyber attacks have become so common that most people won’t fault a company for being the victim of an attack. But what they will still fault you for is whether you delayed in notifying and how well you communicated about it.”

Find an Attorney Who’s Experienced in Cybersecurity

Whether you’re a large or small business owner, if you have concerns about your company’s vulnerabilities to hackers or ransomware attacks, visit the Super Lawyers directory to find an experienced cybersecurity lawyer in your area for help in preventing an attack or effectively responding should one occur.

To learn more about this area of law, including how to protect sensitive information and types of ransomware, see our legal content on technology transactions and data security.