Sun. Aug 14th, 2022
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    pt flag
    ru flag
    es flag

    Developed through a project run by a consortium of five partner institutions: Czech National Cyber and Information Security Agency (NCISA), International Committee of the Red Cross (ICRC), NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE), University of Exeter, and Wuhan University, the Cyber Law Toolkit is designed to help legal practitioners with a working knowledge of international law consider precise and practical cyber scenarios based on real-life examples. One of the cyber scenarios highlighted in the Cyber Law Toolkit describes the potential use of ransomware against municipal governments and healthcare providers. Given the pandemic and recession constraints in today’s world, this scenario and its potential implications are more relevant than ever and worthy of consideration by legal, business, and information technology professionals.

    Extract from the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE)*

    Scenario 14: Ransomware Campaign

    Municipal governments and health care providers in one State fall victim to a ransomware campaign launched by a non-State group in a second State. The ransomware campaign disables municipal and health care services in the first State. The scenario explores how the ransomware campaign may be classified under international law. It first considers whether the campaign is a breach of an international obligation attributable to a State. It then discusses the possible legal responses available to the victim State.

    Scenario Facts

    A previously unknown strain of ransomware is directed toward several municipal governments and a variety of health care services providers in State A through the use of phishing emails. Upon opening the emails by government and health care services employees, computer systems are affected. In a major metropolitan city in State A, the local court is forced offline because the ransomware has encrypted its computer systems and the police are forced to revert to using pen and paper to issue traffic citations. Moreover, police are unable to effectuate warrants and ongoing investigations into crimes must be postponed. Thousands of computers at the State A Department of Transportation stop working. Processing of applications for drivers’ licenses and permit renewals is halted. City authorities refuse to pay ransom to the attackers and are forced to spend considerable sums to repair and restore the affected computer systems.

    The same ransomware infects hospital systems in a separate city in State A. Doctors are unable to access patient data stored digitally. Staff resort to using paper charts, transmitting messages in person and being able to perform only basic treatment without access to X-rays or ultrasound scans. The health records system of a major company incorporated in State A is also infected, leaving thousands of patient medical files inaccessible. The inaccessibility of patient data coupled with the disruption to the hospital computer systems results in the inability of the medical staff to perform critical surgeries. Patients are admitted to the emergency rooms when absolutely necessary, but cannot be operated on in a timely manner, resulting in several otherwise preventable injuries, but fortunately no loss of life. Lesser harm is caused to patients who cannot be given necessary medication because their medical records are inaccessible. A significant economic loss is caused by the need to reroute patients to other hospitals.

    After several weeks, the ransomware attacks stop.

    Authorities in State A determine that the ransomware was created by a group of hackers in State B. The hackers’ relationship to State B is not clear. However, the methodology utilized by the hackers bears a striking similarity to a previous cyber operation attributed to State B. Moreover, State B, while formally denying any involvement in the incidents, praises the actions of the hackers as a just and foreseeable reaction to what State B characterizes as State A’s foreign policy misdeeds. State A and State B have strained relations.

    State A indicts the hackers, but State B does not cooperate in extraditing the hackers to State A for prosecution under criminal laws of State A for several reasons. Firstly, State B is prohibited by its constitution from extraditing its citizens for criminal prosecution in other States. Secondly, relations between State A and State B are such that, even in the absence of the foregoing reasons, State B would be disinclined to co-operate with State A. Finally, State media in State B has lauded the actions of the hackers as a just response to State A’s purported misdeeds.

    Scenario Examples

    Legal Analysis

    The analysis in this scenario focuses on the legal qualification of the ransomware attacks from the perspective of international law. In particular, it examines whether the relevant conduct is attributable to State B and whether it amounts to a breach of an international obligation owed by State B to State A. It then discusses the possible legal responses available to the State A.

    For the complete and detailed legal analysis with discussions of key terms, considerations, and checklists, visit the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDOE) blog at Cyberlaw.CCDCOE.org.

    Read the complete scenario overview at Scenario 14: Ransomware Campaign


    About the Cyber Law Toolkit and Project

    The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia, and the project is run by a consortium of five partner institutions: Czech National Cyber and Information Security Agency (NCISA), International Committee of the Red Cross (ICRC), NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE), University of Exeter, and Wuhan University. The project team consists of Dr. Kubo Mačák (Exeter), General Editor, Mr. Tomáš Minárik (NCISA), Managing Editor, and Ms. Taťána Jančárková (NATO CCDCOE), Scenario Editor. The individual scenarios and the Toolkit have been reviewed by a team of more than 20 external experts and peer reviewers. The Toolkit is an interactive resource that is continuously developed and updated.

    Learn more about the toolkit and project at Cyber Law Toolkit


    Additional Reading

    Source: ComplexDiscovery

    * Redistributed with Permission Under the Creative Commons Attribution-ShareAlike 4.0 License

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    The Tip of the Iceberg? New ENISA Report on the Threat Landscape for Ransomware Attacks

    According to ENISA, this threat landscape report analyzed a total of...

    Consumers Paying the Price? Cost of a Data Breach Hits Record High According to New IBM Report

    According to IBM Security, the annual Cost of a Data Breach Report...

    Safeguarding ePHI? NIST Updates Guidance for Health Care Cybersecurity

    This new NIST Special Publication aims to help educate readers about...

    Countering Threat Actors? Using Social Network Analysis for Cyber Threat Intelligence (CCDCOE)

    According to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)...

    Revenue Headwinds? KLDiscovery Inc. Announces Second Quarter 2022 Financial Results

    According to Christopher Weiler, CEO of KLDiscovery Inc, “The second quarter...

    Beyond Revenue? DISCO Announces Second Quarter 2022 Financial Results

    According to Kiwi Camara, Co-Founder and CEO of DISCO, “We are...

    Live with Leeds? Exterro Completes Recapitalization in Excess of $1 Billion

    According to the press release, with the support of a group...

    TCDI Completes Acquisition of Aon’s eDiscovery Practice

    According to TCDI Founder and CEO Bill Johnson, “We chose Aon’s...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    A 2021 Look at eDiscovery Collection: Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for July 2022

    From lurking business undercurrents to captivating deepfake developments, the July 2022...

    Five Great Reads on Cyber, Data, and Legal Discovery for June 2022

    From eDiscovery ecosystem players and pricing to data breach investigations and...

    Five Great Reads on Cyber, Data, and Legal Discovery for May 2022

    From eDiscovery pricing and buyers to cyberattacks and incident response, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for April 2022

    From cyber attack statistics and frameworks to eDiscovery investments and providers,...

    Inflection or Deflection? An Aggregate Overview of Eight Semi-Annual eDiscovery Pricing Surveys

    Initiated in the winter of 2019 and conducted eight times with...

    Changing Currents? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2022

    In the summer of 2022, 54.8% of survey respondents felt that...

    Challenging Variants? Issues Impacting eDiscovery Business Performance: A Summer 2022 Overview

    In the summer of 2022, 28.8% of respondents viewed increasing types...

    Downshift Time? eDiscovery Operational Metrics in the Summer of 2022

    In the summer of 2022, 65 eDiscovery Business Confidence Survey participants...

    Counterattack in Crimea? Ukraine Conflict Assessments in Maps (August 8 – 12, 2022)

    According to a recent update from the Institute for the Study...

    Droning On? Ukraine Conflict Assessments in Maps (August 3 – 7, 2022)

    According to a recent update from the Institute for the Study...

    Assuaging Distress? Ukraine Conflict Assessments in Maps (July 29 – August 2, 2022)

    According to a recent update from the Institute for the Study...

    Momentum Challenges? Ukraine Conflict Assessments in Maps (July 24 – 28, 2022)

    According to a recent update from the Institute for the Study...