Strategies for ransomware negotiation

Is there a strategy for dealing with ransomware? Ransomware is a type of malware that blocks access to the victim’s system or data and demands a ransom to unlock or release it. Negotiations with cybercriminals over such attacks can be complex and risky.

Ransomware attacks are one of the biggest threats to companies worldwide: dealing with such crises correctly, especially negotiating with the attackers, can be crucial to minimizing the damage and regaining control. I am an atypical source of information here because I usually work as a lawyer for the attackers and therefore have completely different insights.

I would like to loosely explore the question of whether there can be fundamental strategic considerations on this topic. And indeed, based on current studies and practical experience, important insights can be gained and mistakes that can occur during negotiations can be avoided.

Management liability for IT security breaches

What is the liability situation in Germany in the field of IT security, especially for management (managing directors and boards of directors)?

In my presentation on liability in the event of IT security breaches, tailored to management and board members, I address the relevant circumstances: after an overview of general liability issues, I build on this to highlight specific liability issues for employees and board members and finally, very briefly, present ways of limiting liability, up to the question of whether a company's failure to buy Bitcoin as a precaution could itself be grounds for liability. In the following, I present essential parts of the lecture on the liability of the management board in case of IT security breaches.

IT security is the core topic of modern information technology and is increasingly the focus of political developments as well. Nevertheless, a differentiated, binding set of regulations is still lacking, although there are specifications at the EU level and initial legal regulations at the national level. However, in the area of original problems, especially in the development and use of software or the liability of a company’s board of directors, unclear liability situations immediately arise. In legal practice, IT security as such seems to wither away and boil down to the practical application of sub-areas of the GDPR, but in fact there are immediate liability scenarios.