A recent survey conducted by Comparitech revealed that in 2023, one out of every five ransomware attacks resulted in legal action, with approximately 123 cases filed. This alarming trend suggests a significant rise in litigation stemming from cyber incidents, with many cases from the previous year still pending reporting.

Examining data from the past five years, it’s evident that ransomware incidents have been on the rise, totaling around 3000 occurrences between 2018 and 2023. Of these, 355 lawsuits specifically addressing file-encrypting malware attacks were filed during the same period.

According to Comparitech’s ransomware incidents report, out of 228 resolved cases, 59% resulted in either data breach settlements or out-of-court resolutions through arbitration. The remaining cases faced penalties for inadequate consumer data protection measures.

A concerning aspect of ransomware attacks is the emergence of double or triple extortion tactics, where data breaches are leveraged to coerce victims into paying ransoms. This pressure often leads to legal action as victims seek to mitigate the fallout from stolen data.

The true impact of ransomware lies not merely in file encryption but in data exfiltration. Cybercriminals exploit this stolen data, threatening to release it or sell it on the dark web unless a ransom is paid. This creates a dilemma for victims, as payment rewards criminal behavior and offers no guarantee of data recovery or deletion.

In a recent incident involving the BlackCat ransomware group targeting Change Healthcare, a subsidiary of United Health, a ransom of $22 million was demanded to prevent the disclosure of stolen data. However, another group, RansomHub, swiftly emerged, demanding an additional $15 million in Bitcoin, illustrating the complex dynamics of ransom negotiations.

To counteract these threats, the FBI issued a statement in November 2019-2020 advising against ransom payments, citing their ineffectiveness in deterring crime and ensuring data recovery. Ultimately, the decision to pay rests with the victim, but those with robust backup strategies are better positioned to resist extortion tactics and safeguard their data.

The post Most of the ransomware incidents invite lawsuits in the United States appeared first on Cybersecurity Insiders.

Google, the ubiquitous web search giant deeply ingrained in our daily lives, has unveiled plans to usher in a new era by replacing over 30,000 jobs with Artificial Intelligence (AI) technology. This strategic move aims to enhance operational efficiency and improve customer service on a global scale. Anticipated to roll out by November 2024, this transformative shift towards AI integration is poised to trigger significant workforce changes, resulting in mass layoffs.

The revelation surfaced through internal channels within the internet behemoth and was reported by First Post yesterday. While the specific individuals facing job displacement remain undisclosed, employees in administrative, marketing, and, in part, sales roles are slated to receive pink slips by March of this year.

In a parallel development, Google has entered into a settlement agreement to resolve a class-action lawsuit, committing to pay a substantial $5 billion. The legal dispute stemmed from allegations that Google breached user privacy by monitoring individuals utilizing the Incognito Mode in Chrome Browsers, contradicting its claim of providing a highly private browsing experience.

As part of the settlement, affected users who employed the browser feature between 2016 and 2020 are entitled to $5,000 each. However, legal analysts caution that Alphabet Inc’s subsidiary, responsible for YouTube, may impose stringent guidelines on users seeking compensation. The details of the settlement are pending finalization by the court before February 24, 2024, with a formal announcement to follow.

Shifting focus to Google Play Protect, the tech giant has introduced enhanced performance features for the application dedicated to conducting security checks and thwarting potential threats. Noteworthy functionalities include scanning for malicious applications, deactivating and removing harmful apps from devices, placing unused apps in sleep mode, preventing unwanted software from operating in the Android ecosystem, user permission alerts, permission resets, and more.

The Play Protect feature extends its capabilities to track billing fraud, detect trojans and backdoors, block spyware and spam, defend against DDoS attacks, prevent harmful code from running within the Android ecosystem, and thwart phishing and ransomware attempts for device users. This robust suite of security measures underscores Google’s commitment to providing a secure and protected user experience within the Android environment.

The post Google Play Protect, its Chrome $5 billion lawsuit and replacing 30K jobs with AI appeared first on Cybersecurity Insiders.

A lawsuit has been initiated against two prominent gaming entities due to their failure to safeguard the personally identifiable information of their customers, resulting in a substantial potential penalty, possibly amounting to millions of dollars. The legal action revolves around MGM Resorts International and Caesars Entertainment, both of which fell victim to a highly sophisticated file-encrypting malware attack towards the end of last week.

Currently, it has come to light that two separate lawsuits have been filed in connection with the MGM cyber-attack, while Caesars Gaming company is contending with three legal actions, one of which was freshly filed just last Friday.

The identity of the culprits behind the security breaches at both companies remains shrouded in mystery. However, a hacking group known as “VX-Underground” has made allegations that the ALPHV, also known as the BlackCat ransomware group, played a role in the incident, managing to exfiltrate a portion of data from the compromised servers.

Collaborating closely, the Nevada Gaming Control Board and the FBI have launched an investigation into this cyber incident. Their findings are expected to be presented in a report due early next month.

In a positive turn of events, MGM Resorts and Hotels have successfully resolved the situation, restoring their systems to normalcy after a 10-day shutdown. It remains unclear whether they acquiesced to the hackers’ demands or relied on their business continuity plan to restore applications and data to their usual state.

As for Caesars, the company has not yet issued an official statement regarding the matter.

It’s important to note that in both incidents, the attackers gained access to the systems by obtaining network login credentials through a vishing attack perpetrated against an unsuspecting employee. Consequently, businesses are urged to adopt a comprehensive approach to cybersecurity, emphasizing the importance of awareness training for their staff to guard against such threats, which can potentially target any organization at least once a year.

The post Lawsuit against MGM and Ceasars Entertainment Ransomware Attack appeared first on Cybersecurity Insiders.

Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses.

This legal turn is supported by a study conducted by BakerHostetler, which confirms that lawsuits against companies that suffer data breaches are becoming more common and may increase by the end of this year.

The 2023 Data Security Incident Response Report was compiled after gathering responses from more than 1,100 cybersecurity professionals, and it suggests that businesses’ tolerance levels have declined. Almost all of those who suffered consequences related to a data spill are likely to file, or have already filed, a lawsuit against their technology partners.

Among the impacted incidents, 45% were network intrusions, 30% were business email compromise, and 12% were unintended information disclosure.

Surprisingly, the analysis conducted by American law firm BakerHostetler found that victims who made ransomware payments increased in the year 2022 compared to 2021. Additionally, the average ransom amount paid last year was recorded as $600,000, up from the $511,000 payment made in 2021.

Now the big question: Is there any benefit in filing a lawsuit against the technology service provider for a data breach? Under certain circumstances, local laws stipulate that all companies dealing with customer data must efficiently use resources and funds to protect the information from cybercriminals and state-funded hacks. Those that fail to do so are liable to prosecution by data watchdogs, also known as Information Security Commissioners. Impacted customers are entitled to file a lawsuit against their service provider if sensitive details related to them, individually or as a group, are leaked to hackers. Whether monetary compensation is awarded for the loss varies from case to case and depends on the intensity of the breach, the information leaked, and the failure of the company that was storing the data. By the way, data spills occurring from state-funded hacks are no longer covered under cyber insurance.

The post Data Breach lawsuits against companies increasing in the year 2023 appeared first on Cybersecurity Insiders.

In 2021, the LockBit Ransomware group breached the servers of New York-based law firm HPMB and stole sensitive information from one of its healthcare-related clients. The stolen data included names, DOBs, social security numbers, driving license details, biometric information of 114,979 individuals, and court-related documents in PDF form.

A security analysis done in April 2022 revealed that the cybercriminals from China-funded Hafnium Group gained access to HPMB’s servers through a vulnerability in Microsoft Exchange Server.

As the vulnerability was fixed by Microsoft in 2021, the Windows OS-producing company was not at fault for the breach. In response to a class action lawsuit, HPMB agreed to pay $200,000 to settle the data breach suit filed by its customer.

The healthcare provider also agreed to enhance its cybersecurity measures and appoint a third-party forensic expert to report on its current cybersecurity posture and those that will be adopted in the future.

Additionally, the company paid $100,000 to the LockBit ransomware gang that stole and encrypted the database in 2021. Therefore, the company paid a total of $350,000, including $50,000 as miscellaneous expenses ($200,000 settlement costs and $100,000 paid to LockBit), to continue its business operations.

Letitia James, the Attorney General at New York Court, gave the law firm seven days to review its decision and submit a report on how it will protect its user data in the future.

 

The post Microsoft Exchange Server vulnerability makes lawyers pay $200k as a settlement appeared first on Cybersecurity Insiders.