As many around the world were preparing for the Mother's Day weekend, the WannaCry ransomware attack hit over 70,000 organizations in nearly 100 countries in just one day, Friday, May 12th. After the weekend, the attack had affected over 150 countries and may yet continue to spread. It has become the largest ransomware attack in history.

Given the widespread and ongoing impact of WannaCry, along with the likelihood of spin-off ransomware coming in the near future, corporate officials such as in-house counsel need to be informed and prepared. With that in mind, here are some basic action items to consider:

Preparing for a WannaCry Attack

  • Identify the Windows operating systems in your network that may be vulnerable to WannaCry or another spin-off ransomware and install the appropriate security patches. Indeed, it is important to stay up to date on security patches generally.
  • Create a backup copy of your organization's computer system that can be used in the event that your system becomes encrypted by ransomware.
  • Develop or update your organization's incident response plan to address ransomware. This includes not only planning for rapid investigation, containment, and remediation of an attack, but also planning for business continuity, public relations, cybersecurity insurance, and legal compliance.
  • Establish contacts with law enforcement, outside counsel, a cybersecurity remediator, your insurance company, and anyone else with whom you will need to coordinate when responding to a ransomware attack.
  • Implement ongoing training of computer users on basic cybersecurity hygiene, including not clicking on suspicious links or opening suspicious email attachments.

Responding to an Attack

  • Wherever possible, incident response measures should be taken at the direction of counsel in order to preserve attorney-client privilege and minimize legal risk.
  • Work with a cybersecurity remediation company and/or law enforcement to rapidly contain and remediate the ransomware attack. Among other things, this might include disabling the infected computer, restoring backup files, or counteracting the ransomware.
  • Fully investigate the ransomware attack, engage with law enforcement as appropriate, and implement cybersecurity measures to defend against additional follow-up attacks.
  • Determine the extent of harm to data subjects and consumers, comply with any applicable breach notification obligations, and take other steps to minimize legal risk.

