How Does a Ransomware Attack Work?


Ransomware is one of several kinds of malware that hackers use in malicious attacks on companies and individuals. It is developed through cryptovirology, which is the method by which hackers create viruses to hack into systems. Ransomware differs from other malware in that it locks down the user’s access and data, effectively holding it “ransom” until a determinate sum is paid to the deployer of the ransomware.

What is a ransomware attack?

Ransomware attacks are malicious attacks by hackers that lock down your systems and data in order to extract a ransom in exchange for release of the data. Recent examples from 2020 include Garmin, which paid the largest ransomware payment to date at $10 million, as well as Software AG, UC San Francisco, ISS World, and Cognizant. The damages incurred by companies such as these ranged from $50 million to $70 million. These attacks originate with a hacker who writes the code and sells it on the “dark web”; the buyer then sets the code loose on the internet, where it waits for a victim to trigger it. This malicious chain of attackers remains anonymous while making money from its victims.

Should a business pay a ransomware attack?

In short, no. The Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued guidelines which provide that paying a ransomware demand may violate federal law. This falls under OFAC’s sanctions provisions, and a violation may lead to fines in the millions of US dollars. In addition to the regulations provided by OFAC, businesses also have fiduciary duties to their clients and employees, whose information may have been compromised during a ransomware attack. Paying the ransom could potentially lead to legal issues over breach of the fiduciary duties that are owed to your employees or clients.

What do you do if you suffer from a ransomware attack?

Rather than paying the ransom, here are some options that can help strengthen your business’ response to a ransomware attack: isolate the system; kill off communication channels with the infected areas of the system; block IP addresses; use your IT professionals to find decryption keys; secure backup data; preserve locked files; check for infections; and call law enforcement. Additionally, there are various steps that a business can take to secure its system and hedge against possible ransomware or malware attacks. These include ensuring that your business has backup servers or saved backups of data, preparing a strong incident response plan in case an attack occurs, acquiring cybersecurity insurance policies, carrying out data breach assessments with IT professionals, and routinely seeking penetration testing to ensure that all access points to your system are secured.

EPGD Business Law is located in beautiful Coral Gables, West Palm Beach and historic Washington D.C. Call us at (786) 837-6787, or contact us through the website to schedule a consultation.

*Disclaimer: this blog post is not intended to be legal advice. We highly recommend speaking to an attorney if you have any legal concerns. Contacting us through our website does not establish an attorney-client relationship.*


Silvino Diaz

Silvino E. Diaz’s practice ranges from Civil and Commercial Litigation to Entertainment and Intellectual Property Law. Silvino has earned a reputation as one of Puerto Rico’s foremost advocates for independent musicians and artists. As a result of his sustained commitment to creative industries, he was named Professor of Intellectual Property Law at Atlantic University College (Guaynabo, PR) – the Caribbean’s leading digital arts institution – where he spearheaded the “Introduction to IP” course for both the graduate and undergraduate programs, and was appointed by the Office of the President to develop an Intellectual Property graduate curriculum, where he served until moving to Miami in 2017. He is the founder of the service known as Starving Artists, where he offers innovative business and legal counsel for artists and creatives.

