small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

FTC Publishes Tip Sheet on Dealing with Ransomware

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

FTC Publishes Tip Sheet on Dealing with Ransomware

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Related Locations

Chicago

Related Topics

Data Breach

Related Capabilities

Privacy & Data Security

Related Regions

North America

December 5, 2016

In the wake of the FTC’s September workshop on the same topic, the FTC recently published a blog article and short video to help businesses respond to the increasingly common digital threat of Ransomware. Ransomware, malicious software that invades and holds hostage a victim’s system, effectively holds the recipient’s data hostage until the recipient pays a ransom to the attacker to regain access. In addition to the obvious financial impact a business faces when it cannot access its computer systems, the FTC indicated that it in some circumstances a company’s failure to update its systems and patch vulnerabilities known to be exploited by Ransomware could violate Section 5 of the FTC Act. For example, if failing to maintain day-to-day systems denied “people critical access to services like health care in the event of an emergency.”

According to the participants in the FTC’s workshop, a company’s best defense is training so employees don’t fall victim to a phishing attack. The FTC further stressed regular malware scanning and maintaining up-to-date security patches, plus administration of security protocols like endpoint checks, email authentication, intrusion prevention software, and web browser protection. The FTC also encouraged backing up business-critical data disconnected from a company’s network.

TIP: This information from the FTC is helpful for companies looking for a roadmap of expectations from a regulator in how to prepare for possible Ransomeware situations.

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising