It’s 9 a.m. on a Monday after a long weekend. You arrive at your downtown office prepared to tackle a brief for the new multinational corporation you are representing in their upcoming patent infringement case. You grab your coffee, say hello to your co-workers and sit down at your desk to begin. You enter your password and log in. You browse to the folder on your server or Document Management System where all the critical documents collected from your client detailing the “secret sauce” of their latest product are stored. To your horror, none of the files will open and there is a text file in the folder that you do not recognize called ryuk.txt. Congratulations, you are the victim of a ransomware attack.

Ransomware (or extortionware) is a type of malicious software that encrypts user-generated files or entire file systems with an unbreakable cipher. The only way to recover the data is to pay thousands, and in some cases millions, of dollars in cryptocurrency to the attackers in order to retrieve the decryption software or keys. As James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology, stated, “Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” The primary distribution methods for ransomware continue to be email and Remote Desktop Protocol (“RDP”) servers that have poor password policies or lack multifactor authentication (“MFA”).