Mon, Feb 24, 2020

Keith Wojcieszek Quoted in Law 360 on New Ransomware Ring Maze

"Law firms have everything an attacker might want, from personally identifiable information on employees, to medical information, bank information, trade secrets, and other privileged information," says Keith Wojcieszek, Associate Managing Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, in an article published in Law 360. In the article, Keith highlights the new ransomware ring “Maze” that claims to have hacked over 30 organizations including five law firms.

Keith, who formerly investigated ransomware attacks for the U.S. Secret Service, further discusses the ethical conundrum that ransomware attacks, like Maze, trigger. Organizations are torn between reporting to law enforcement that data was stolen and thus accepting the reputational and financial loss, and paying the ransom. However, Keith states that organizations first need to identify whether the data that was taken is "personal" or "sensitive" under a particular law before knowing the kind of disclosure to make. Paying a ransom does not guarantee that bad actors will give back an organization’s access to their data, or that they won't mount more attacks in the future. 

The full article is available to subscribers here.