That said, evaluating the applicable legal framework requires knowledge of Ransomware’s mechanics, which may vary widely by the type, source, and purpose of the Ransomware-not to mention the specific effects it may have on a given organization. In the face of an inarguably immense and expanding problem, an understanding of the relevant legal issues is crucial for practitioners who will encounter Ransomware and its effects. Other experts focus on the exponential reach of Ransomware, noting that it “infects one computer but…often spreads across network drives to infect other computers as well.” Moreover, the scourge of Ransomware is growing steadily, with some researchers noting 500% yearly increases. Fraudulent spyware removal tools and performance optimizers scared users into paying to fix problems that didn’t really exist.” Regardless, most present-day (and, likely, future) Ransomware is serious business, both in the effects it has on victims and in the underground infrastructure that buttresses Ransomware’s propagation. As Doug Pollack noted, “ironically, until, most was fake. Although experts rightly emphasize the significant problem Ransomware presents today, the risks have not always been so grave in the hostage-software industry. In response, “o keep cybercrime profitable, criminals needed to find a new cohort of potential buyers, and they did: all of us.” The historical model for the most obvious cybercrimes had been stealing and selling data (usually credit card numbers), but this fraud became so prevalent that the going rate for stolen payment card information has dropped precipitously over the past five years. Interestingly, Ransomware’s recent reemergence may be explained, in part, by the success of other hacking efforts. Then, in the wake of an economic recession, Ransomware came back with a vengeance, making a dramatic entrance as it “resurged in 2013 ” it has continued to flourish ever since. The first recorded example was biologist Joseph Popp’s “AIDS Trojan”: Popp developed the virus and “passed 20,000 infected floppy disks out at the 1989 World Health Organization’s AIDS conference.” Ransomware subsequently faded as a notable security concern for more than a decade before making another brief appearance in 2005. As noted above, Ransomware has been around in one form or another for at least ten years, and as early as 1989 in the U.S. We will explore these challenges by providing an overview of Ransomware’s development and spread and then examining the current, albeit unsettled, legal landscape surrounding Ransomware attacks and victim responses, to consider what the future might hold for regulation in this space. These challenges are not only rooted in functionality and potential damage, but also due to the emergence of a viable business model facilitating Ransomware’s exponential growth as a tool for criminals. This digital menace poses constantly evolving threats, which adds to the challenges victims confront when attempting to implement current guidance and benchmarked response efforts to Ransomware. Despite the intervening decades, and although Ransomware as a process and business are (somewhat) better understood, the legal implications of Ransomware attacks are still up for debate, and there is no simple answer to the question of how Ransomware victims can, or should, deal with an attack. Considering that Ransomware emerged “at the dawn of the Internet revolution,” even before the development of formalized Internet law and policy, attorneys have now had a bit of time to become familiar with its operation and effects and to contemplate reasonable and legitimate responses to Ransomware attacks. Federal Trade Commission (FTC) identified Ransomware as “one of the most serious online threats facing people and businesses” in 2016 as well as “the most profitable form of malware criminals use,” and the FBI developed a special working group dedicated to fighting it. This type of threat has existed in some shape or form since at least 1989, but over the past two years the frequency and scope of attacks have increased to alarming levels. Ransomware is malicious software that encrypts data on a device or a system, then bars access to, or recovery of, that data until the owner has paid a ransom. Sterling, Ransomware – Practical and Legal Considerations for Confronting the New Economic Engine of the Dark Web, 23 Rich.
0 Comments
Leave a Reply. |