Top Issues for General Counsel Regarding Ransomware

This guide outlines critical issues that general counsel need to be aware of concerning ransomware, a growing multibillion-dollar criminal industry. It discusses the significant impact of ransomware attacks on business operations, emphasizing that paying a ransom does not guarantee recovery and often leads to extended downtime. The guide stresses the importance of robust incident response plans, including the incorporation of ransomware playbooks and tabletop exercises. It also highlights the complexities surrounding cyber-insurance coverage, noting the increased scrutiny from insurers due to the rising frequency of attacks. The document details the evolving tactics of ransomware actors, including double extortion methods, and the legal implications of ransom payments in light of regulatory guidance from U.S. authorities. Furthermore, it addresses the shifting approach of U.S. law enforcement in combating ransomware, including the establishment of a dedicated task force aimed at enhancing coordination and information sharing among agencies and the private sector.