On November 10, 2016, the U.S. Federal Trade Commission (FTC) released new guidance for businesses and consumers on the impact of, and how to respond to ransomware. Ransomware is a form of malicious software that infiltrates computer systems or networks and uses tools like encryption to deny access or hold data hostage until the victim pays a ransom. Ransomware incidents have increased over the past year, including a number of high-profile attacks on health care organizations.

Business Guidance

For businesses, the FTC released Ransomware – A closer look with a companion video Defend against Ransomware. A copy of both can be found here.

According to the FTC, if your business holds consumers' sensitive information "you should be concerned about the threat of ransomware." The FTC notes it can impose "serious economic costs on businesses because it can disrupt operations or even shut down a business entirely."

In order to defend against ransomware attacks, the FTC recommends businesses invest in prevention through:

  • Training and education: Implement education and awareness programs to train employees to exercise caution online and avoid phishing attacks.
  • Cyber hygiene: Practice good security by implementing basic cyber hygiene principles (including updating software, and implementing new procedures for users).
  • Backups: Backup data early and often.
  • Planning: Plan for an attack. Develop and test incident response and business continuity plans.

For those businesses hit with a ransomware attack, the FTC recommends organizations take the following steps:

  • Implement the continuity plan: Have a tested incident response and business continuity plan in place.
  • Contact law enforcement: Immediately contact law enforcement, such as a local FBI field office, if an attack is discovered.
  • Contain the attack: Keep ransomware from spreading to networked drives by disconnecting the infected device from the network.

Consumer Guidance

For consumers, the FTC released How to defend against ransomware. A copy of this guidance can be found here. The FTC recommends consumers take the following steps to protect against ransomware:

  • Update your software: Use anti-virus software and keep it up to date. Set your operating system, web browser and security software to update automatically, and on mobile devices do it manually.
  • Think twice before clicking on links or downloading attachments or applications: You can get ransomware from visiting a compromised site or through malicious online ads.
  • Back up files: Back up files whenever possible, and make it part of your routine.

If you are a victim of a ransomware attack, the FTC recommends:

  • Disconnecting the infected devices from the network;
  • Restoring the infected device where possible; and
  • Contacting law enforcement.

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.