{"id":407,"date":"2018-02-04T16:28:16","date_gmt":"2018-02-04T21:28:16","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=407"},"modified":"2018-03-26T09:51:43","modified_gmt":"2018-03-26T13:51:43","slug":"ransomware-sparks-class-action","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/","title":{"rendered":"Ransomware Sparks Class Action"},"content":{"rendered":"

On January 25, 2018, Allscripts, a platform service provider for managing electronic health care records, experienced a ransomware attack. The ransomware was a variant of the “SamSam” malware. Allscripts restored its systems with backups, but after several days, some users could not access the system. The\u00a0affected users filed a class action lawsuit against Allscripts in federal court. This case demonstrates how a ransomware infection can carry significant liabilities for a company.<\/p>\n

SamSam Ransomware<\/h3>\n

SamSam<\/a> is different than many types of ransomware. Attackers distribute SamSam manually through compromised servers instead of using a traditional attack vector such as a phishing campaign. Also, SamSam focuses its attacks on the health care industry, which is troubling for medical providers.<\/p>\n

\"JexBoss\"<\/a>
JexBoss – click to enlarge<\/figcaption><\/figure>\n

Using JexBoss<\/a>, an open source exploit tool, attackers leverage vulnerabilities in a JBoss Application Server to distribute SamSam. Once the attackers gain access to the network, they encrypt systems running Windows with the ransomware. SamSam utilizes the RSA-2048 asymmetric encryption algorithm, which uses a public and private key. To obtain the private key, the victim must send a ransom payment to the attacker.<\/p>\n

Before the Allscripts attack, another version of SamSam infected two hospitals in Indiana, Hancock Health and Adams Memorial. CSO reported<\/a> that Hancock paid 4 bitcoins to recover the encrypted files. Hancock decided that paying the ransom was a better solution than manually restoring the system.<\/p>\n

Reasonable Measures<\/h3>\n

The class action complaint<\/a>, filed in the Northern District of Illinois, alleges that Allscripts failed to prevent the ransomware attack. The plaintiffs accuse Allscripts of negligence, breach of contract, unjust enrichment, and violating Illinois statutes regarding fraud and deceptive practices.\u00a0They claim to suffer economic damages from significant business disruptions. They explain that Allscripts did not apply “appropriate processes\u201d that would minimize an attack\u2019s effects. Notably, they\u00a0claim that Allscripts failed “to take adequate and reasonable measures to implement, monitor, and audit its data systems.\u201d<\/p>\n

Reports<\/a> indicate that Allscripts prepared by taking some basic measures for a cyber attack. These “reasonable measures” include making\u00a0scheduled backups and having a response policy<\/a>.<\/p>\n

Allscripts made full backups on Fridays and incremental backups during the other weekdays. As a best practice, the backup method that\u00a0Allscripts used should restore operations in a short period of time. However, after several days of being down, Allscripts admitted that some users still could not log in. Affected users complained on Twitter<\/a> that they could not access their records or billing system. A health provider for the elderly\u00a0commented that patients did not understand why they could not make appointments.<\/p>\n

An attorney for the plaintiffs, Steven Teppler<\/a>, did not verify any details about Allscript’s backups<\/a>. However, Teppler believes that the number of affected users may potentially be higher than currently known.\u00a0Teppler further explained that Allscripts did not disclose the full extent of the impact.<\/p>\n

Protection and Monitoring<\/h3>\n

With a ransomware infection, management must decide either to pay the ransom or restore the data. Unfortunately, either decision could have unintended consequences that can deepen a company\u2019s liability.<\/p>\n

The class action against Allscripts is a reminder that one ransomware infection<\/a> can damage multiple businesses. Companies must take\u00a0adequate measure to protect and monitor their networks. For example, the\u00a0presence of JexBoss on a system without management’s approval could be an indication of malicious activity. This is why companies need to monitor their systems and have security practitioners perform periodic vulnerability testing.<\/p>\n

To learn all about ransomware protection, Pixel Privacy<\/a>\u00a0offers a comprehensive guide:
\nRansomware: What Is It And How Can You Prevent It?<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

On January 25, 2018, Allscripts, a platform service provider for managing electronic health care records, experienced a ransomware attack. The ransomware was a variant of the “SamSam” malware. Allscripts restored its systems with backups, but […]<\/p>\n","protected":false},"author":1,"featured_media":408,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[69,30,32,70,39,26],"yoast_head":"\nRansomware Sparks Class Action - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware Sparks Class Action - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-04T21:28:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-03-26T13:51:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/02\/Hospital.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Ransomware Sparks Class Action\",\"datePublished\":\"2018-02-04T21:28:16+00:00\",\"dateModified\":\"2018-03-26T13:51:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/\"},\"wordCount\":597,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"attorney\",\"breach response\",\"cyber due diligence\",\"exploit\",\"malware\",\"ransomware\"],\"articleSection\":[\"Ransomware\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/\",\"name\":\"Ransomware Sparks Class Action - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2018-02-04T21:28:16+00:00\",\"dateModified\":\"2018-03-26T13:51:43+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware Sparks Class Action\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware Sparks Class Action - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware Sparks Class Action - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/","og_site_name":"Cyber Law Blog","article_published_time":"2018-02-04T21:28:16+00:00","article_modified_time":"2018-03-26T13:51:43+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/02\/Hospital.jpg","type":"image\/jpeg"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Ransomware Sparks Class Action","datePublished":"2018-02-04T21:28:16+00:00","dateModified":"2018-03-26T13:51:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/"},"wordCount":597,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["attorney","breach response","cyber due diligence","exploit","malware","ransomware"],"articleSection":["Ransomware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/","url":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/","name":"Ransomware Sparks Class Action - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2018-02-04T21:28:16+00:00","dateModified":"2018-03-26T13:51:43+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/ransomware-sparks-class-action\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Ransomware Sparks Class Action"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/407"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=407"}],"version-history":[{"count":40,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/407\/revisions"}],"predecessor-version":[{"id":497,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/407\/revisions\/497"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/408"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}