
“Wannacry” – What Can You Do If You Are Hit by a Ransomware Cyber Extortion?

2017-05-01

Introduction

On 12 May 2017, many companies all around the world suffered a massive attack by malicious software (malware) known as “Wannacry”; over 200,000 computers were reported to be affected, and the number was still rising. This article explains what “Wannacry” is and what legal recourse is available if you are hit by this malware.

Background

“Wannacry” is what is known as “ransomware”, a type of malware that usually spreads via spam emails (phishing emails) and malicious download links (hyperlinks in attachments or website URLs). Ransomware is designed to restrict access to data files on computers, hard drives or servers by encrypting the data (turning it into meaningless characters and codes). It then demands that the victim pay a ransom, ranging from US$100 to US$1,000, to decrypt the files back to their original readable state.

Payment of the ransom is usually demanded in Bitcoin (a kind of crypto-currency, or digital money, that is made over the internet and is very difficult to trace). Once the data files of a computer or server have been encrypted, it is almost impossible to decrypt them without the decryption key. The victim will therefore be at the mercy of the ransomware criminals unless the data has been backed up and can be restored without paying a ransom to decrypt the files.

Criminal and Civil Recourses

Criminal Recourse

Blackmail is an offence under the Theft Ordinance (Cap 210, s 23), which applies where a person makes an unwarranted demand with menaces with a view to gain or with intent to cause loss to another: “A person commits blackmail if, with a view to gain for himself or another or with intent to cause loss to another, he makes any unwarranted demand with menaces.”

An unwarranted demand for a ransom of money or Bitcoin with a threat of encrypting or deleting the computer files of the victim is therefore a criminal offence under Hong Kong law.

The installation of ransomware is also a breach of the Crimes Ordinance (Cap 200) concerning criminal or dishonest access to a computer:

A person commits an offence if the person obtains access to a computer:

  • with intent to commit an offence;
  • with a dishonest intent to deceive;
  • with a view to dishonest gain for himself or another; or
  • with a dishonest intent to cause loss to another,

whether on the same occasion as the person obtains such access or on any future occasion.

The perpetrator of the ransomware crime might be outside the jurisdiction, but that does not mean that Hong Kong will not have jurisdiction. Under the Criminal Jurisdiction Ordinance (Cap 461), if the elements of the blackmail offence occurred in Hong Kong, the Hong Kong courts and law enforcement agencies will have jurisdiction to pursue the perpetrators, even if the perpetrators are not in Hong Kong or are not Hong Kong citizens.

Civil Recourse

For a ransomware threat and blackmail, a victim has a civil recourse in tort against the perpetrator under the tort of intentional infliction of harm by unlawful means. However, the difficulty would be in identifying the perpetrator and proving the case.

Preventing Ransomware

Given that it is almost impossible to decrypt the data once it has been locked by ransomware, it is advisable to take measures to avoid becoming a victim of ransomware:

  • Use anti-virus software and keep patching up to date.
  • Do not open any suspicious link or attachment in emails.
  • Regularly back up the data stored on the computer and server and keep the backup files offline. If the data is locked, there will still be backup data to restore from.
  • Report the matter to law enforcement agencies.

Conclusion

Being attacked by ransomware may have a serious impact on business operations because the company may not be able to use any customer or business data to conduct business. There might also be reputational damage and a loss of trust from customers.

While it is up to the affected company or individual to decide whether or not to pay the ransom, the advice from law enforcement agencies worldwide is that the ransom should not be paid, as there is no guarantee that the locked files will be decrypted even after payment. Moreover, paying will encourage cyber criminals to continue with the extortion. There is also an issue of possible money laundering and the requirement to make a report to the authorities. Accordingly, the ransom should not be paid, and companies and individuals should focus on preventive measures and on raising staff awareness of and vigilance against cyber extortion.

 

For enquiries, please contact our Litigation & Dispute Resolution Department:

E: criminal@onc.hk

W: www.onc.hk

T: (852) 2810 1212

F: (852) 2804 6311

19th Floor, Three Exchange Square, 8 Connaught Place, Central, Hong Kong

Important: The law and procedure on this subject are very specialised and complicated. This article is just a very general outline for reference and cannot be relied upon as legal advice in any individual case. If any advice or assistance is needed, please contact our solicitors.
