Combating Ransomware Cyberattacks
In his Cyber Crime column, Peter A. Crusco describes the various malware and ransomware scenarios that have been playing out in countless damaging incidents throughout the nation, and analyzes legislation and preventative measures to potentially combat these cyberthreats.
December 23, 2019 at 12:00 PM
Ransomware, a popular form of malware, continues to threaten individuals, governments and, more recently, educational institutions throughout the country. It is usually delivered through targeted "phishing emails." Phishing emails are messages sent by individuals trying to "fish" for personal or financial information or other valuable data. Alternatively, an individual may visit a site that attacks his or her hard drive once a trigger is executed, such as opening a file or playing a video. The victim's computer hard drive is ensnared after opening an innocent, unintrusive-looking email that activates the malware. The victim is then locked out of his or her data or system, and a subsequent demand for payment is sent to the victim.
In another scenario, involving a business enterprise or government agency, when an employee of an organization innocently opens the email, the malware enters the entire data system, erupting and corrupting the system at a designated time. See, e.g., Joie Tyrrell, Rockville Centre Pays About $100K to Hackers After Ransomware Attack, Officials Say, Newsday, Aug. 24, 2019. These scenarios have been playing out in countless damaging incidents throughout the nation.
Forms of Malware
Briefly stated, ransomware is a form of malware, and must be differentiated from other forms of malware such as viruses and spyware. These other forms of malware can monitor or control your computer use and can send consumers pop up ads, redirect their computers to unwanted websites, monitor their internet surfing, or record their keystrokes, which in turn, can lead to identity theft and other crimes. See, e.g., Enigma Software Grp. USA v. Bleeping Computer, 194 F. Supp. 3d 263 (SDNY 2016).
Reported ransomware prosecutions are rare because direct evidence linking the offenders to the crime may be hard to track and/or obtain. Frequently, this form of malware attack originates outside of the geographical confines of the United States. Many ransomware attacks are sourced to Eastern European countries. The attacks frequently target data and systems of major American enterprises with deep pockets for extortion. See, e.g., United States v. McCormick, 2019 U.S. Dist. LEXIS 132040 (D.C., D.C. Aug. 7, 2019); United States v. Levashov, 2017 U.S. Dist. LEXIS 61619 (D.C. Alaska April 12, 2017). Accordingly, many victims opt to pay the ransom instead of pursuing government investigations and prosecutions that may require large investments of the company's time and resources to be successful. In some cases, company insurance policies cover ransomware attacks, and in these cases the insurance carriers and their agents will arrange payment to the hackers and cover the cost of restoring the system.
In one notable civil case, a group calling itself "The Impact Team" hacked into the Ashley Madison website (AMW), an infidelity encounter site, and threatened to expose the identities of Ashley Madison's users if its parent company, Avid, did not shut down the site. Avid did not shut down the site and, subsequently, customer records and company data were released on the Internet in a series of "data dumps." The released data included personal information related to the users of AMW, records of millions of credit card transactions, and internal company documents, among other documents. See In re Ashley Madison Data Sec. Breach Litig., 2016 U.S. Dist. LEXIS 57619 (E.D. Mo. April 29, 2016). The court utilized its inherent authority and granted the defendant Avid's motion to preclude the use of the stolen documents in the drafting of the class action complaint by the disclosed website users, opining that the "[f]ederal courts have the authority to remedy situations that threaten judicial integrity and the adversary process."
Recent Trends and Legislation
Recently, news reports indicate that educational institutions have become attractive targets of ransomware attacks. These institutions are particularly vulnerable. In fact, more than 500 U.S. schools (connected with 54 different education entities such as school districts and colleges) have been infected with ransomware during the first nine months of 2019, making the education sector one of the leading ransomware targets. Locally, a ransomware virus in July 2019 forced a Long Island school district to pay hackers nearly thousands of dollars to restore its computer system. Such attacks can paralyze the day-to-day operations of these schools, and have become increasingly common. See, e.g., Schumer Proposes Teams to Help Schools Fight Cyberattacks, Newsday, Sept. 23, 2019.
Given that schools pose a particularly sensitive target as the records and privacy interests involved are significant, federal legislation has been proposed to aid in combating ransomware attacks. The "Cyber Hunt and Incident Response Teams Act of 2019" would provide "intrusion analysis tools … help identify malicious actors," and "suggest mitigation assistance strategies" to the institutions that have proved vulnerable to such cyberthreats. See H.R. 1158, 116th Congress, "DHS Cyber Hunt and Incident Response Teams Act of 2019," Dec. 8, 2019.
The Act requires the U.S. Department of Homeland Security to maintain the cyber hunt and incident response teams for the following purposes: assisting asset owners and operators in restoring services following a cyber-incident; identifying potential cyber intrusions and cyber risks to partners; developing mitigation strategies to prevent, deter and protect against cyber threats; and providing recommendations to asset owners and operators for improving their network security.
Remedies and Conclusion
Ransomware attacks can be quite costly and even lethal to an organization's existence, especially if that organization does not regularly maintain a remote cloud backup system. Law enforcement authorities with experience in confronting ransomware attacks suggest that these attacks may be reduced, and even thwarted, by a thorough educational program that teaches the members of the organization to refrain from opening unknown or suspect emails, and by other preventative measures such as enabling spam filters, conducting regular malware scans of incoming and outgoing emails, performing regular testing and vulnerability assessments, and routinely backing up data at remote cloud locations. They also suggest isolating infected data immediately, taking the system offline, and changing all online account passwords and network passwords.
Peter A. Crusco is the executive assistant district attorney, Investigations Division, Office of the Queens County District Attorney. The views expressed herein are the author's, and do not necessarily reflect the policies or views of the office.