Ransomware: A Guide to Practical, Regulatory, and Reputational Risk Management
The National Law Review
Alaap B. Shah, Stuart M. Gerson, Andrew Kuder. Andrew (Andy) P. Rusczek, Marylana Saadeh Helou
Ransomware is a malicious cyber threat vector that employs encryption malware to prevent users from accessing their systems and data unless ransom is paid in exchange for decryption keys. What once was simple extortion has morphed into a triple threat. Criminal hackers now not only threaten to publish data unless a ransom is paid with crypto-currency in exchange for an unlocking key and assurances that any data taken are deleted, but also increasingly exfiltrate sensitive data and share it with others, often host governments adverse to U.S. interests. These hackers also use the data of a victim’s customers or contacts to perpetrate additional exploits.
The recent ransomware attack against Colonial Pipeline shut down gasoline supplies for much of the East Coast and highlighted the vulnerability of our critical infrastructure of which the health care and life sciences sector is...