Ransomware attacks are perpetrated by criminals intending to steal sensitive consumer information. These attacks cause serious problems, including interrupting the daily operations of the targeted company and putting their clients and customers at risk.
Though nothing is full-proof, businesses and organizations are responsible for doing everything possible to protect sensitive information and prevent ransomware attacks. If you are a victim of a ransomware attack that resulted in financial loss, the business or organization that was the subject of the attack could be held accountable.
How are Victimized Businesses Responsible for Damage Done to Consumers or Clients in an Attack?
Businesses are responsible for adhering to basic security protocols and protecting customers and clients from risk.
Unfortunately, according to a January 2017 study published by the Ponemon Institute, only about a third of businesses say they conduct appropriate training on ransomware and other cyber threats.
Even the most basic security measures could prevent the vast majority of attacks, but many businesses just aren’t taking the risk seriously.
What can a business do to reduce their risk for a ransomware attack?
- Update computer software
- Update operating systems
- Use application whitelisting that blocks unauthorized programs
- Restrict administrative privileges
- Back up data on a regular basis
- Train employees to recognize risks
Who is Liable for a Ransomware Attack that Hurts You Financially?
Consumers who suffer financial losses because of ransomware attacks might be eligible to take legal action.
An investigation is currently underway concerning a 2017 ransomware attack that affected multiple businesses and organizations that failed to download a security patch offered by Microsoft.
According to Microsoft, it should not be held liable for any attacks or data breaches because they offered the patch free of charge. Any affected company or organization that failed to download the patch could be considered negligent.
Several lawsuits have been filed in the aftermath of the 2017 attack and more are expected.
Additionally, there have been several multi-million dollar settlements related to ransomware attacks that were intended to provide consumers affected with compensation to pay for identity theft protection and to help them recoup their financial losses.
Ransomware Attacks on the Rise
Cybersecurity experts also point out that ransomware attacks are becoming increasingly sophisticated and demands are on the rise.
According to the 2018 Quarter 4 Global Ransomware Marketplace Report from Coveware, a company that aggregates global ransomware data to minimize the risk of ransomware related costs and downtime, the average ransom increased by 13 percent compared to Quarter 3’s numbers. Attacks targeting large organizations – ones you would assume would have top-notch security – also rose in 2018.
Crowdstrike, a cybersecurity company focused on preventing and resolving sophisticated attacks that target the world’s leading businesses, reports that while 2018 lacked high-profile ransomware attacks like those seen in the previous year, there were still a number of disruptive incidents that were linked to “state-sponsored targeted intrusion adversaries.” Crowdstrike believed the year’s most notable trend to be ransomware operations targeting large organizations, a practice that is sometimes called “Big Game Hunting.”
Increased Penalties and Felony Charges against those Committing Ransomware Attacks
Ransomware attacks have become so devastating that at least one state is considering harsher penalties for the practice.
A bill proposed by Maryland state lawmakers would make it a felony to launch a ransomware attack and would also attach stiffer penalties for those found guilty. The bill specifically addresses hackers who target healthcare organizations – one of the primary targets of ransomware attacks.
The bill was created at least partially in response to the ransomware attack on Maryland’s MedStar Health System that occurred in 2016.