Article Detail

News & Knowledge

Dear Ransomware Victim and Your Accountants, Attorneys and Forensic Specialists: The Government Just Made Your Life Harder [Lowndes Tech]

October 07, 2020

Shareholder Drew Sorrell discusses a recent announcement by the Office of Foreign Asset Control (OFAC) that it will begin to sanction companies, individuals and intermediaries that facilitate ransomware payments. 


By now, most everyone knows that ransomware is software that infects your computer system, makes your data irretrievable and usually breaks things along the way. To unlock your system, the bad guys (or girls) demand you pay a ransom, usually via Bitcoin or similar currency. In exchange for your payment, the bad guys promise to provide you the key to unlock your data and promise not release your data on the Internet or auction if off to the highest criminal bidder. Depending on the professionalism (yes, professionalism) of the bad guy, once you’ve made your payment, you may or may not be able to unlock your system, and they may or may not delete your data versus release or auction it.

In the United States, federal law enforcement authorities have long requested that companies not pay ransoms. This used to be for the salutary reason that if no company pays, there would be no market for ransomware. Likewise, there was this annoying problem that paying ransoms under U.S. law technically may be illegal. I am not, however, aware of any prosecution of a company that paid a ransom. [...]

This is an excerpt from a blog post originally written on Lowndes Tech. To read the entire post, click here.


This article is informational only. You should consult an attorney before acting or failing to act. The law may change rapidly and no warranty is given. LOWNDES DISCLAIMS ALL IMPLIED WARRANTIES AND WITHOUT LIMITATION, ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. ALL ARTICLES ARE PROVIDED AS IS AND WITH ALL FAULTS. Consult a Lowndes attorney if you wish to establish an attorney/client relationship.
Drew

Drew Sorrell is a seasoned business lawyer with particular expertise in technology, cybersecurity and privacy issues. With an MBA in marketing and finance, he approaches clients’ legal issues with both a practical business bent and a self-described geeky love of technology.

Drew enjoys working with CLO’s, CIO’s, CTO’s and technology owners at businesses of all sizes in every phase of their legal needs. He assists them on the front end, drafting and negotiating software licenses, Internet service provider agreements, data privacy/breach policies and procedures, and employment/services agreements as well as the indemnity and insurance coverage related to those agreements. He advises clients on the GDPR and state-specific regulations, penetration testing and security audits. He also has years of experience handling matters when things go wrong, including data breaches, privacy issues and other technology or software problems.

A founding member of the Sedona Conference Group 11 (Privacy/Data Security), Drew is frequently asked to speak and write on legal and ethical issues arising from technology, including unfair and deceptive trade practices, data breach, privacy, data governance, and technology contract drafting. He is chair of the firm’s multi-disciplinary Data Governance Group as well as the past chair of the Orange County Bar Association’s Intellectual Property, Business Law and Technology Committees.

Outside the technology arena, Drew has substantial expertise in both contracts and commercial litigation. In addition, he has experience assisting clients with government contracting. Drew began his legal career as a judicial clerk to Senior United States District Judge John H. Moore II, in Jacksonville, Florida, and then practiced with an AmLaw top 10 firm in Manhattan. After a stint as an assistant county attorney responsible for day-to-day legal advice and litigating civil issues for the county, Drew returned to Lowndes. Drew is admitted to practice in Florida, New York and the District of Columbia.

Born in Florida, Drew roots for his adopted football team—the FSU Seminoles (because neither Rollins nor George Washington has a football team). He is a proud father of two sons who play basketball and soccer, make great grades and generally keep him on his toes.

Meritas Law Firms Worldwide logo
Do Your Part Logo