RANSOMWARE AND DATA PRIVACY: CLASS ACTION LITIGATION
CD: How would you characterise the nature and prevalence of ransomware attacks? What risks do such attacks present to businesses?
Dubuisson: We have noted a significant shift in cyber threats, with a marked increase in ransomware attacks alongside daily concerns about email fraud. These attacks, not confined to well-known groups like LockBit, display a cyclical pattern, surging during geopolitical unrest. Ransomware exploits software vulnerabilities, and often targets organisations with delayed patching, emphasising the importance of timely cyber security maintenance. The evolving threat landscape witnesses sophisticated and diversified techniques, including phishing, social engineering and exploiting vulnerabilities, making defence challenging. Double extortion tactics, which threaten data disclosure along with encryption, intensify pressure on businesses. While these attacks pose financial burdens and additional costs for investigation and data recovery, they also harm reputations and erode trust. Operational disruptions compound the recovery process, highlighting the multifaceted risks ransomware poses to businesses.
Baladi: Ransomware attacks are one of the most common forms of cyber attacks companies face. These attacks can be particularly devastating for those companies that do not regularly back up their data as they will be more likely to pay the ransom than a company that can reboot its systems with back up data. Furthermore, depending on the category of impacted data, a ransomware attack can cause serious service interruptions and incur high recovery costs and other consequences regarding the company’s obligations to clients or providers. In addition, ransomware attacks can lead to personal data breaches which will trigger privacy-related obligations for the target company, namely notifications to regulators, exposing companies to potentially heavy fines. Such attacks are mostly carried out by malicious actors exploiting vulnerabilities and compromised credentials.
Jan-Mar 2024 issue
CMS DeBacker
Gibson, Dunn & Crutcher LLP
Quinn Emanuel Urquhart & Sullivan, LLP