Written by Ruth Promislow and David Cassin
Ransomware is a malicious software that is secretly installed on a target’s computer and encrypts files, making them inaccessible to users unless they are unlocked with a code. Ransomware can attack a sole computer, or infect several computers on the same network.
While the United States is reported to be the most affected region for ransomware attacks over the last year, Canada ranks a close second.2 For 2017, ransomware attacks in Canada are forecasted to increase within the public, legal and financial services sectors.3
Businesses–and particularly their directors–must be aware of this risk in order to defend against it and be prepared if it does materialize.
How does Ransomware Work?
Ransomware is most commonly spread by emails with contagious attachments or hyperlinks to fraudulent websites.4 The emails and websites are disguised as authentic communications, however once clicked or accessed, the ransomware encrypts files and blocks access until the ransom is paid. Typically, the hacker responsible for the ransomware threatens to permanently erase all of the user’s data if the ransom is not paid within 24–72 hours.5
Increasing Attacks on Businesses
Of 125 anonymous Canadian organizations which participated in a global ransomware survey this year, 72 percent reported being the victim of a cyber-attack in the previous 12 months, and of those, 35 percent were identified as ransomware attacks.6
In April 2016, the United States Department of Homeland Security and the Canadian Cyber Incident Response Centre issued a joint cyber alert warning of the increase in ransomware attacks. The alert stated that it was issued due to the rising attacks on business and governmental agencies, including hospitals, worldwide.7
A 400 percent increase in ransomware attacks against U.S. businesses in 2017 is predicted by Beazley Group, a worldwide provider of data breach insurance.8 It is reasonable to expect that the forecast for the U.S. is informative of the increasing risk for Canadian businesses.
What to Do If Hit with a Ransomware Attack?
The best defence to ransomware attacks is to take preventive measures. However, even the best line of defence is not immune from a successful attack.
Businesses should have a detailed plan in place for dealing with cybersecurity threats, including ransomware attacks. Do not wait for a cyber-attack to occur before planning how to handle this business risk. The cybersecurity plan should be developed in consultation with experienced legal counsel.
There is no precise formula for how to deal with any one ransomware attack. Ultimately, businesses under attack by ransomware may have limited options due to the deadline for responding to a hacker’s ransom demand. Options may include attempting to decrypt data via third-party specialists, reporting the attack to authorities, and/or paying the demanded ransom.
Retaining experienced legal counsel upon learning of the attack is important in order to mitigate the consequences of an attack by ensuring the following is done quickly and efficiently:
- directors and/or officers are fully advised on best practices in the particular circumstances of the attack;
- all available options are canvassed;
- technical resources are being utilized appropriately;
- the business is in compliance with legal reporting obligations; and
- the risk of potential fall-out litigation against the business has been factored in to the decision of how to handle the ransomware attack.
In handling a ransomware attack, businesses and their directors must be mindful of the potential legal implications of their business strategy decisions.
2 Symantec, “Ransomware and Businesses 2016”, at pp.6-7 (“Symantec Report”).
3 KPMG, “Cyber Watch Report”, April 2016, at p.1 (“Cyber Watch Report”).
4 Cyber Watch Report at p.1.
6 Osterman Research Inc., “Understanding the Depth of the Global Ransomware Problem”, August 2016, at p.24.
8 Beazley, Breach Insights, October 2016, at p.1.