White House Guidance On Ransomware
22 June 2021
Butler Snow LLP
To print this article, all you need is to be registered or login on Mondaq.com.
Ransomware has become the
fastest growing type of cybercrime facing businesses today. In
2021, loss values were estimated to have reached at least 57 times
those in 2015, exceeding $20 billion. Data and privacy issues are
so prevalent, that it is estimated today that a ransomware attack
takes place every
11 seconds. It is essential for businesses to understand the
risk of ransomware attacks as data privacy and security cannot be
prioritized without a plan to combat potentially damaging
Nashville-based company SmileDirect is a
recent victim of a high-cost ransomware attack. The company
paid no ransom, but manufacturing and product delivery systems were
ocal governments have also become vulnerable to ransomware
attacks. In 2019, Louisiana declared a state of emergency after a
cyberattack affected their government servers and “many state
websites and emails” after
they took extremely protective measures to combat the
In response to the rise in and because of several recent high
profile ransomware attacks, the White House recently issued an open
letter detailing five data security
best practices. Butler Snow believes these are important in
legal circumstances as these threats can become a liability for
companies who manage private consumer information if a data breach
The open letter details 5 best practices, outlined here:
- Backup company data and test regularly while keeping backups
- Promptly update and patch systems
- Create and test your incident response plan
- Check your security team’s work and test defense
- Segment your networks to limit exposure in the event of an
These recommendations come at a time where ransomware attacks
are much more common and businesses must protect themselves now.
The Institute for Security and Technology has also
released recommendations to combat ransomware.
Since this issue has become more prevalent, it is also
imperative to understand the associated data security legal issues.
Not only can ransomware attacks shut down or disrupt business
operations; if a ransomware attack is considered a data breach, it
could require data breach notification to customers and clients and
lead to data breach class action lawsuits.
The laws around data breaches continue to
evolve. However, if a ransomware attack exposes consumer data,
it would typically be considered a data breach. In this case,
businesses must notify potentially impacted parties and the company
is subject to litigation, regulatory action, hefty fines and
reputational damage. Given the legal implications of ransomware
attacks businesses should partner with legal counsel proactively,
not in the event of an attack.
It is important for companies to have clear direction on how
data privacy law may impact them. Specific to ransomware, an
important step the White House laid out was testing an incident
response plan. You cannot test an incident response without first
having the plan in place. It is crucial to include your legal
counsel in plan creation in order to consider the implications of
cyber attacks on data security and because there is not a
one-size-fits-all solution for every business. Each incident
response plan must be hyper individualized because no business has
the same exact systems, data or processes.
It is important for businesses to adequately plan and prepare
for ransomware threats. This starts with a clear understanding of
the legal risks, a company’s individual network, and a robust
incident response plan that is regularly tested.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Technology from United States
Explaining Cryptocurrency’s Ransomware Problem
Kelley Drye & Warren LLP
The recent ransomware attacks on Colonial Pipeline and JBS led to a flurry of calls to ban Bitcoin (and cryptocurrency generally) as enabling and incentivizing these attacks.
Non Fungible Tokens: US Legal Issues To Be Considered
As we move forward into 2021, beyond the rise of cryptocurrency and decentralized finance, non-fungible tokens (NFTs) have also gained in popularity. Digital creators are utilizing NFTs to monetize digital creative works.
Application Of AI In Legal Services
Oblon, McClelland, Maier & Neustadt, L.L.P
A question that is often asked is why there are so many lawyers? The question is often paired with questions about why lawyers spend so much time on seemingly insignificant tasks…