Cybersecurity Resource Center

“Emerging cyber threats require engagement from the entire American community to create a safer cyber environment—from government and law enforcement to the private sector and, most importantly, members of the public.”

– the Cybersecurity and Infrastructure Security Agency (“CISA”)

There’s no question that the pandemic has increased companies’ vulnerability to cyberattacks. More companies’ employees are working remotely, and thieves are leveraging that change—as well as public fear—to conduct hacking campaigns. From hospitals to media companies to manufacturing plants, ransomware and other cyberattacks are increasingly prevalent and have far-reaching impacts. As companies store more of their valuable data in electronic form, they are increasingly vulnerable to attacks that render their data inaccessible. We have served as lead counsel on some of the highest-profile ransomware attacks and breaches of recent years, coordinating all response components, including responding to regulatory inquiries and investigations, defending clients in multi-jurisdiction litigation, engaging on public and customer relations issues, advising on contractual obligations and remedies, and working with forensic investigators, credit monitoring firms, and crises communications professionals—any third party providers needed—to provide an integrated, cost-effective, and seamless response to your data security incident.

Some of the more common attack methods include:

  • Ransomware: Ransomware has exploded. While 2020 has been dubbed the year of ransomware, cyber attacks show no signs of slowing down. Organizations of every type and every size are being impacted.
  • Business email compromises: Email compromises trick employees into making fraudulent business payments, often by compromising the account of and impersonating a colleague or vendor.
  • Malicious apps: People working from home tend to jump among personal and company-owned devices. Meanwhile, more and more fraudulent mobile applications are being added to app stores, where they can be downloaded and compromise users’ devices.
  • Videoconference bombing: Because employees have been working remotely and have not been able to meet in person, the use of videoconferences has risen significantly. So too has the disruption of videoconferences with pornographic, hateful, or threatening images and content.
  • Scams and fraud targeting individuals: The FBI warns of social media messages, emails, and phone calls that seek to scam people for money, or to phish account access, under the guise of purported COVID-19 testing, financial relief efforts, or medical equipment.

In addition to data loss, these incidents raise significant business and legal risks, including damage to brand and reputation, disruption of business operations, and contractual and regulatory obligations. We have helped Fortune 500 companies and other leading companies respond to dozens of significant ransomware incidents and have experience with wide-ranging ransomware variants including Ryuk, Maze, Sodinokibi/REvil, WastedLocker, MegaCortex, Nephilim, SunCrypt, and Harma.

Morrison & Foerster is uniquely positioned to provide insight into and counsel on the various facets of cyberattack preparedness and response. Our market-leading Global Privacy + Data Security team has decades of collective experience helping clients navigate these and other pressing issues. Visit our new Privacy + Data Security Litigation practice page to learn how our team can help your company with potential litigation arising from a breach.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.