A recent article reporting that Bingham County paid approximately $3,500 in ransom to recover information and spent nearly $100,000 to respond to the attack highlights the need to take steps now to protect yourself against ransomware and be prepared in the unfortunate situation you too are a victim.
County Pays Ransom
EastIdahoNews.com reported that Bingham County discovered the attack on February 15, 2017, and received a demand for $28,000 delivered in bitcoin for a password to decrypt the county servers. All but a few servers were backed up, enabling the county to recover its information without paying the ransom. After determining it would be more expensive to buy new servers to replace three infected servers, Bingham County paid the hackers 3 bitcoins, or about $3,500, for the decryption key. The county is still recovering after spending about $100,000 to respond to the attack and operations may not return to normal until 2018. For more information about the attack, visit http://www.ksl.com/?sid=43357235.
Ways to Protect Yourself
Visit this article for a detailed discussion of methods for protecting yourself against ransomware.
What to Do If a Victim
Visit this article for a discussion of the HHS Office of Civil Rights' guidance on responding to ransomware and complying with the costly HIPAA breach notification rules.
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.