If You Are Hit by Ransomware, Do You Negotiate? If So, How?

The following post was originally published on October 1 on the Ride The Lightning Blog by Sensei Enterprises, Inc. 

Man, that’s a good question. Why would you ever pay? Especially if you have good backups?

As cybersecurity expert Bruce Schneier notes in a blog post, there are solid arguments for and against paying a ransom.

Arguments cited by Schneier for making a ransomware payment include:

  • Payment is the least costly option;
  • Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
  • Payment can avoid being fined for losing important data;
  • Payment means not losing highly confidential information; and
  • Payment may mean not going public with the data breach.

The arguments against making a ransomware payment include:

  • Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
  • Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
  • Payment can do damage to a corporate brand;
  • Payment may not stop the ransomware attacker from returning;
  • If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
  • Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.

As Bruce says, “When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.”

There are professionals who handle the negotiation of ransomware demands. You can read an interview with one of these professionals in a Red Tape Chronicles post.

It is, to put it mildly, educational.

Hat tip to Dave Ries.


Sharon D. Nelson, Esq., is the President of Sensei Enterprises, Inc., a digital forensics, cybersecurity and information technology firm in Fairfax, Virginia. Ms. Nelson is the author of the noted electronic evidence blog, Ride the Lightning, and is a co-host of the Legal Talk Network podcast series called “The Digital Edge: Lawyers and Technology” as well as “Digital Detectives.” She is a frequent author (eighteen books published by the ABA and hundreds of articles) and speaker on legal technology, cybersecurity and electronic evidence topics. She was the President of the Virginia State Bar June 2013 – June 2014 and a past President of the Fairfax Law Foundation and the Fairfax Bar Association. She may be reached at snelson@senseient.com.
