Tag archives: ransomware

Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure

Data Protection Report - Norton Rose Fulbright

Norton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case was the first of its kind and confirms an insurer’s ability to seek recovery for losses … Continue reading

Who gets to decide to pay the ransom in a ransomware attack?

By Chris Cwalina (US), Kevin Harnisch (US), Ilana Sinkin (US) and Ashley Zatloukal (US) on January 18, 2022 Posted in Cybersecurity, Data breach, Ransomware

The onslaught of ransomware attacks since the pandemic began has not slowed. Organizations have been faced with the task of continuously reviewing their cybersecurity programs to ensure they are following best practices to protect against ransomware groups. But organizations also need to be prepared to respond to such an attack if their cybersecurity practices are … Continue reading

US HHS OCR issues cyber extortion newsletter

By Alexis Wilpon (US) on February 1, 2018 Posted in Regulatory response

This week, the US Department of Health and Human Services HHS Office for Civil Rights published a January 2018 newsletter focusing on cyber extortion.… Continue reading

“But the emails” – companies’ SEC filings reflect ransomware risks

By Anna Rudawski (US) on September 11, 2017 Posted in Compliance and risk management, Data breach

The Equifax breach will likely devour the entire breach news cycle in the near term, given the size of the incident and that it gets to the essence of the company’s business of maintaining some of the most sensitive consumer information. Still, in what for the moment might seem like a more pedestrian risk, companies … Continue reading

New Global Cyberattack Affects Businesses, Government, and Infrastructure

By on June 30, 2017 Posted in Compliance and risk management, Cybercrime

Norton Rose Fulbright - Data Protection Report blog

A new strain of malware began infecting computer systems across the globe on Tuesday. Similar to the WannaCry ransomware that struck last month, the malware used in this week’s attack spreads quickly across multiple computers on a network, encrypting files and displaying a ransom note that requests $300 worth of bitcoin for a decryption key. … Continue reading

WannaCry Ransomware Attack Summary

By on May 17, 2017 Posted in Compliance and risk management, Cybercrime

In this post, we summarize key facts regarding the WannaCry ransomware attack, provide an abbreviated list of known affected companies, and offer an overview of the legal issues and the response to the attack. This post is an update to our prior coverage of WannaCry.… Continue reading

Large Ransomware Attack Affects Companies in Over 70 Countries

By on May 12, 2017 Posted in Compliance and risk management, Cybercrime

A large-scale ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning. According to reports, companies in more than 70 countries have reported incidents as of Friday afternoon. The attacks are being caused by ransomware called “WannaCry,” which quickly moves across systems to encrypt large amounts of computer … Continue reading

FTC Enforcement Possible for Failing to Guard Against Ransomware

By on October 6, 2016 Posted in Compliance and risk management, Cybercrime, Regulatory response

Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may … Continue reading

Your Money or Your PHI: New Guidance on Ransomware

By Mark Faccenda (US) and Anna Rudawski (US) on July 14, 2016 Posted in Compliance and risk management, Data breach, Regulatory response

On June 12, 2016, the HHS Office of Civil Rights (OCR) released guidance, entitled “FACT SHEET: Ransomware and HIPAA,” in response to the rising number of ransomware attacks perpetrated against healthcare entities. The guidance addresses Health Insurance Portability and Accountability Act (HIPAA) issues that may arise when medical records containing Protected Health Information (PHI) are compromised … Continue reading

Ransomware Incident Response – Prevention, Readiness and Strategy

By on February 28, 2016 Posted in Compliance and risk management, Cybercrime

Last week, the Hollywood Presbyterian Medical Center was able to successfully negotiate the release of a collection of system resources and data files that had been encrypted and held hostage by ransomware attackers. Ransomware is a peculiar type of malware that is not designed or intended to steal personal or confidential information. Rather, ransomware is … Continue reading