There is a dramatic increase in ransomware-related lawsuits, underscoring the growing legal challenges businesses face in the wake of cyberattacks, according to a new report from Bloomberg Law. The report, “Ransomware Attacks: Litigating a Growing Threat,” provides an in-depth look at the trends and implications of ransomware litigation in 2023 and 2024.
The report highlights the high-profile attacks that have made ransomware the predominant cyber threat to corporations. This surge has led to a significant rise in lawsuits, with federal complaints mentioning ransomware increasing sevenfold from 2021 to 2023 and the first half of 2024 seeing a record number of ransomware complaints.
Key findings from the report include:
- Most-Litigated: The most-litigated ransomware attack of 2023–2024 is the breach of Progress Software’s file-sharing platform MOVEit, which has resulted in 279 federal lawsuits so far.
- Four Lawsuit Types: Nearly every case analyzed falls into one of four categories—Consumer v. Business, Consumer v. Vendor, Business v. Vendor, and Business v. Hacker. Common Claims: Negligence is a prevalent cause of action in nearly all ransomware-related lawsuits, with plaintiffs often citing the failure of businesses to safeguard data against foreseeable attacks.
- Healthcare Targets: The healthcare sector has been particularly hard hit, with significant breaches affecting major companies in this space.
- Vendor Vulnerabilities: Many lawsuits have been filed against third-party vendors, highlighting the risks associated with outsourcing data management.
This report also explores many legal issues that arise from these cases, including standing, breach of contract, compensatory damages, unjust enrichment, and service of process.
“This report provides essential information for legal departments looking to strengthen their cybersecurity measures and understand the legal ramifications of ransomware attacks,” said Alex Butler, Vice President, Analysis & Content, Bloomberg Law.
Download the report to read more.