The following information is provided with the consent of the company, though it will remain anonymous to discourage revenge attacks. An executive who helped lead the company’s response to the ransomware attack discussed his experience on Bulldog Bites, Womble Carlyle’s bi-weekly podcast. That episode can be found at www.wcsr.com/podcast.
On a Saturday night, the company’s servers slowly began shutting down. By Sunday morning, it became clear the IT system was under attack. After the company alerted its cyber insurance provider, a response team was mobilized and found ransomware in the client’s system. The intrusion was so sophisticated that it required significant forensic expertise to identify the embedded malware. The resulting investigation also showed that Russian cybercriminals had gained entry through an administrator’s computer that was left connected to the internet overnight. Additionally, the individual’s login password was weak. The attackers were able to crack it, giving them high-level access throughout the system.
As the forensic cyber team worked to locate the intrusion, they learned the intruders had been trading bitcoin on the excess server capacity for several weeks prior to the attack. During the investigation, ransom notes were found throughout the system. The attackers demanded more than a million dollars in untraceable Bitcoin, threatening to erase all of the company’s data and software if they were not paid.
Fortunately, the company had done its homework. It had a separate backup system that had not been corrupted. However, it did lose a week’s worth of business and data. As is standard practice in this area, the forensic investigation was conducted under the auspices of outside legal counsel to safeguard the attorney-client privilege in case of future litigation.
Cybercrime is a sophisticated global business with revenues estimated at $445 billion in 2015 alone. Historically, international cybercriminals have targeted large financial, tax and insurance businesses, stealing credit card and personal identity information, and selling it to street gangs and other criminals in the United States. The data fed a massive pool of relatively small-scale financial, tax and insurance fraud.
But the pay-offs from this business model were often disappointing. Middlemen capture much of the profits. Returns are waning as the victims of credit card and other cyber fraud become much better at protecting themselves. This is causing cybercriminals to turn to ransomware and other targeted computer fraud to extort large one-off payouts from individual data-dependent businesses. For this reason, small and medium-sized manufacturing firms are increasingly the targets of cybercrime.
Here are our Ten Tips for Protecting Your Company from Cyber-Criminals:
10. Review the company’s contractual obligations to protect the data of others to ensure that they are reasonable in scope and damages. Review the company’s contracts with vendors to ensure that they protect the company’s data.
Womble Carlyle’s cyber security and data privacy team is available to assist and advise clients in efficiently dealing with a cyber crisis and in executing these important steps.
To learn more about the issues in this client alert, please contact Claire Rauscher at 704.331.4961 or CRauscher@wcsr.com, Belton Zeigler at 803.454.7720 or Belton.Zeigler@wcsr.com or you may contact the Womble Carlyle attorney with whom you normally work.