Most of the ransomware incidents invite lawsuits in the United States


A recent survey conducted by Comparitech revealed that in 2023, one out of every five ransomware attacks resulted in legal action, with approximately 123 cases filed. This alarming trend suggests a significant rise in litigation stemming from cyber incidents, with many cases from the previous year still pending reporting.

Examining data from the past five years, it’s evident that ransomware incidents have been on the rise, totaling around 3000 occurrences between 2018 and 2023. Of these, 355 lawsuits specifically addressing file-encrypting malware attacks were filed during the same period.

According to Comparitech’s ransomware incidents report, out of 228 resolved cases, 59% resulted in either data breach settlements or out-of-court resolutions through arbitration. The remaining cases faced penalties for inadequate consumer data protection measures.

A concerning aspect of ransomware attacks is the emergence of double or triple extortion tactics, where data breaches are leveraged to coerce victims into paying ransoms. This pressure often leads to legal action as victims seek to mitigate the fallout from stolen data.

The true impact of ransomware lies not merely in file encryption but in data exfiltration. Cybercriminals exploit this stolen data, threatening to release it or sell it on the dark web unless a ransom is paid. This creates a dilemma for victims, as payment rewards criminal behavior and offers no guarantee of data recovery or deletion.

In a recent incident involving the BlackCat ransomware group targeting Change Healthcare, a subsidiary of United Health, a ransom of $22 million was demanded to prevent the disclosure of stolen data. However, another group, RansomHub, swiftly emerged, demanding an additional $15 million in Bitcoin, illustrating the complex dynamics of ransom negotiations.

To counteract these threats, the FBI issued a statement in November 2019-2020 advising against ransom payments, citing their ineffectiveness in deterring crime and ensuring data recovery. Ultimately, the decision to pay rests with the victim, but those with robust backup strategies are better positioned to resist extortion tactics and safeguard their data.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display