Counsel For Navigating

The Growing Ransomware Threat


Ransomware targeting a broad range of companies is rapidly increasing to the extent that ransomware payments are set to nearly double in 2021. The nature of the threat, the high stakes, and the immense pressure these attacks levy on their victims make having trusted counsel a priority for navigating the ransomware crisis. As counsel, we help clients prepare and respond to cyberattacks such as ransomware in a manner that comprehensively accounts for both legal and business considerations. 

Preparation is critical to ensuring an orderly and optimal response to any future cyberattack ransomware incidents, so instituting a formal plan should be prioritized. In addition, tabletop exercises, testing, and reinforcement of technical and physical security also play a crucial role in protecting against ransomware, limiting damage should an incident occur, and mitigating liability post-incident. Further, ensuring the inclusion of ransomware insurance is also integral in the planning phase. 

Responding to a ransomware incident, including demands for payment, is also multi-pronged. First, the response should align with an established ransomware incident response plan which assures that actions are legally compliant, protected by the attorney-client privilege, and are otherwise orderly and astute. One of the core considerations for response includes ensuring compliance with the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN List). Advisory from OFAC is especially relevant when the ransomware payment demand is for a cryptocurrency such as Bitcoin. Often, in such a scenario attributing the demand to a specific actor is difficult, making checking the sanctions list challenging. Still, due diligence, such as notifying the appropriate agencies, including law enforcement and performing a search of OFAC's SDN List, which now also lists crypto wallet addresses, will go a long way toward mitigating enforcement action. 

While cyberattacks in general and ransomware incidents in specific are highly dynamic areas of the law, we take pride in staying on the cutting edge of developments in the space to provide clients with effective counsel. 

Learn How RICHT Can Help You Navigate Ransomware Challenges

    Ransomware News

    The Record

    Ransomware Payments Doubled To More Than $1 Billion In 2023

    Companies, individuals and other victims of ransomware attacks paid hackers more than $1.1 billion in 2023 in exchange for unlocking their data, according to new research.

    Ransomware Law

    China’s ICBC, The World’s Biggest Bank, Hit By Ransomware Cyberattack

    ICBC, the world’s largest lender by assets, said Thursday its financial services arm experienced a ransomware attack “that resulted in disruption to certain” systems.

    Ransomware Law
    The New York Times

    Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack

    In Sweden, a grocery chain temporarily closed its doors after the attack. Some companies have been asked for $5 million in ransom.

    Ransomware Law

    Privacy & Cybersecurity Practice Insights