Ransomware Attacks Spur Class Action Lawsuits


June 26, 2023

World map

A Whitworth University student is attempting to establish a class action lawsuit against the college for damages related to a ransomware attack in July 2022 that impacted more than 65,500.

The university first reported the incident as a “sophisticated security issue” before confirming that it was a ransomware attack with the Washington attorney general’s office.

The lawsuit, which seeks damages of more than $5 million, alleges that Whitworth was “negligent in allowing a still-unidentified attacker to access health, financial and personal data of past and present students, staff and faculty.”

Whitworth alerted those impacted that their names, student ID numbers, state ID numbers, passport numbers, Social Security numbers and health insurance information were likely compromised in that attack.

The lawsuit asserts that Whitworth “should have done more to prevent a ransomware attack, a method of online extortion in which a hacker gains access to information then demands payment to prevent it from being released or to return control of the data back to its owners,” the Spokesman-Review reports.

Takeaway: On average, a ransomware attack costs more than $4M. To fully remediate These costs do not include potential losses from lawsuits and other tangential costs like damage to the brand, lost revenue, lost production from downed systems, and other collateral damage, such as Intellectual property and regulated data loss.

Even if organizations are prepared to respond and recover from a ransomware attack, the fact that sensitive data was stolen or exposed puts them at additional liability risk.

Most ransomware attacks today include data exfiltration prior to the encryption of systems. The stolen data is used as leverage to compel the victim to pay the ransom demand with the threat of releasing or otherwise exposing the data if payment is not made.  

These “double extortion” schemes may also involve the demand for an additional ransom payment to ensure the data is not leaked or sold on the dark web. The exposure of this data in ransomware attacks is more often leading to lawsuits, some reaching class-action status.

The data exfiltration tactic has been so successful that some threat actors even like BianLian and Karakurt skipping the encryption stage and moving to straight-up data extortion.

For many organizations, this exposure of customer data has regulatory implications and can lead to lawsuits and fines. Additionally, sensitive data on corporate transactions, patents, etc. can end up in the attackers' hands and be sold to the highest bidder on dark web forums.

There is a lot of focus on the delivery of the ransomware payload, but we have to remember that this occurs at the end of the attack sequence when the damage to the victim organizations has already likely occurred.

Given how much effort goes into laying the groundwork for these attacks, we are not putting enough emphasis on these early stages of the attacks where the threat actors are preparing the environment for delivery of the ransomware payload. There are days, weeks or potentially even months of detectable activity on the network prior to the final payload, and a lot of data is leaving the organization over the course of the attack.

The defense mindset here needs to shift to the left significantly where we are addressing ransomware attacks first as an effort to prevent the attackers from exfiltrating data.  

With an eye on resilience in developing a security posture, organizations can limit the impact of a ransomware payload on operations, but they also need to ensure that sensitive data is not compromised earlier in the attack in order to prevent the potential for costly litigation.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.