Cybersecurity Alert – Ransomware and Cyber Extortion

    By Nicole J. Harrell, Data Privacy and Security

    A New Wave of Old Crimes: Ransomware and Cyber Extortion

    Ransom is a simple ploy that has been used by criminals for years. The dynamics are easy to understand a criminal takes something meaningful to you and demands that you pay to get it back. Cyber criminals are no stranger to this game, but they have upped the ante.

    Ransomware is malicious software that is specifically designed to take control of a computer system or its data and hold it hostage. The attackers then demand a large payment. Once the money is paid, the attackers will most often provide a decryption key allowing the victim to access its system and data. CryptoLocker is one type of ransomware that can be used to restrict access to systems and data.

    Extortion, like ransom, is simple a criminal causes or threatens to cause harm and you pay to stop the harm. Cyber extortion is a related crime, but is not a type of software. Extortion can come in several forms. A cyber criminal may compromise a system and take data and then demand payment to prevent the data from being released, or execute a distributed denial-of-service attack and then demand payment to make the attack stop.

    Some basic practices may help businesses. Regular backups can ensure that a business almost always has access to its data. End-to-end encryption can make most stolen data useless since the criminals will not know what type of data they have. Training (and testing) can help educate employees on phishing and other scams. Insurance is also a helpful tool in rounding out a business’ overall vigilance and cyber preparedness.

    Kaufman & Canoles can help you protect your business before a security breach occurs. We are available to help you craft a response plan and review your insurance options. In addition, we remain available, even on short notice, to assist with any breach, cyberattack and HIPAA compliance matters. In the event of a potential breach, attack or upcoming HIPAA audit, or if you have questions regarding security planning, response or compliance, contact our Cybersecurity Response Team. We can be reached by phone on our hotline at (844) 417.3309 or by email at

    The contents of this publication are intended for general information only and should not be construed as legal advice or a legal opinion on specific facts and circumstances. Copyright 2024.