O’Melveny Lawyers Offer Guidance on Responding to Ransomware Attacks in Corporate Counsel Article

O’Melveny partner Kiran Raj and associate Mallory Jensen co-authored the article, “Ransomware: What to Do When it Happens to You,” published October 27, 2017, in Corporate Counsel.

“In an ideal world, your company has all its critical information and data comprehensively and securely backed up, employing strong defenses against hacking, phishing, and other cyberattacks,” the authors write. “In the event that your company is nonetheless the victim of a ransomware attack, this document provides steps to be taken as part of its response to such an incident.”

Implement previously created security incident response and business continuity plans. Cyber response and business continuity plans should contain the following steps to address a ransomware situation:

-Conduct initial analysis of the ransomware. After detecting the ransomware or receiving a ransom demand, it is important to determine, in a timely manner, the original affected device, the scope of infected systems, and any vulnerabilities in the company’s systems that were exploited. Conducting such an initial analysis will be immensely helpful during subsequent stages of responding to the ransomware. It is important to conduct this exercise in a forensically sound manner that does not alter or obscure evidence of the attacker’s actions.

-Determine whether the ransomed data, or any parts thereof, exist, and make sure they are properly secured. Assess whether the ransomed, encrypted data exists on unaffected devices, with backup systems, or unaffected servers.

-Consider what type of data and how much may have been affected or compromised. Knowing whether sensitive information, such as health or financial records, are impacted and how many customers’ records may be at issue is important. This information will inform the size of the team that needs to be mobilized in response, as well as the type of response, including breach notification, that may need to be taken.

-Take steps to prevent continued access by the attacker. It is important to limit the attacker’s ability to take advantage of any vulnerability and to segregate unaffected systems and data.

-Report internally to the designated individuals to coordinate response. In appropriate cases, it may make sense to apprise senior business leaders, including the Board, who may need to make decisions about how to proceed.

-Keep contemporaneous records. In consultation with legal counsel, it may make sense to record relevant information about the ransomware attack and your response to it, including logging when the attack was first detected, what steps were taken in response, who was notified, and other important information. To the extent possible, this information should be obtained and recorded in a way that does not delete or modify relevant files.

Contact American LegalNet today – The #1 Provider of Litigation Workflow Solutions.

 

Formerly the Department of Homeland Security’s highest-ranking attorney focused on cybersecurity and technology, Washington, DC-based Raj draws on his extensive government and corporate experience to counsel clients on their most critical cybersecurity and privacy issues.

Jensen, who resides in the firm’s San Francisco office, is a highly strategic and skilled litigator specializing in complex civil disputes, regulatory matters, internal investigations, antitrust litigation, data security and privacy matters, and intellectual property disputes.

Read entire article written bKiran Raj and Mallory Jensen in Corporate Counsel here.

 

Leave a comment

Your email address will not be published. Required fields are marked *

Bitnami