Cyber-attacks affect businesses daily as people try to benefit from vulnerable business systems.
In Ireland the Commission for Communications Regulation is responsible for communication security and regularly issues warnings about cybercrime. It is important that all businesses have effective IT systems and cyber security policies in place to prevent the risk of cybercrime.
Common types of cyber attacks
Malware is a term used to describe malicious software, which breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs dangerous software. Once inside the system, malware can; block access to key components of the network (ransomware), covertly obtains information by transmitting data from the hard drive (spyware), disrupts certain components and renders the system inoperable.
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware.
Often, attackers are looking for ransom. They may steal data and threaten to publish it if the Ransom is not met. They may also encrypt Company systems and demand ransom for the encrypted files.
Other times, fraudulent emails may be sent from what appear to be company email addresses requesting transfer of funds to an account. However the email is from the hackers and the account is also that of the hackers.
If hackers have demanded money, the following may be of benefit;
- An Order compelling the defendants to deliver up or delete all data stolen by the defendants from the Plaintiff
- An Order directing the defendants to remove all data relating to the Plaintiff and its customers from the website with the domain name;
- An Order providing for restrictions on the reporting of the proceedings by media and/or an order that the plaintiff be anonymized in reports of the proceedings. The reasons for protecting the identity of the Plaintiff is that if the issue was reported the business would be damaged by the publicity of it and so the damage the hackers sought to cause would be caused anyway.
- A freezing Order. This is useful if funds have been transferred to a hackers account. The Plaintiff could seek freezing injunctions. These could then be notified to the banks and disclosure Orders could be obtained against them. The Banks could then assist in identifying the Defendant.
In terms of commencing proceedings it may be appropriate to seek damages for fraud etc. as well as for unlawful interference with business relations and economic interests.
Identifying the Plaintiff
The name of the defendant can be ‘persons unknown’ but they must be described in detail, for example, persons unknown who demanded ransom from x company on x date. If any of the defendants are known they must be named.
Where the address of the defendant is unknown, Orders have been granted for alternative means of service for example to an email address, by whatsapp, facebook, twitter or by phone, where there are reasonable grounds to believe that this method will bring matters to the defendants attention.
If the damage occurred in the jurisdiction and the IP address being used by the hackers is in the Jurisdiction then the Irish Courts can deal with same. However when the IP address is outside the Jurisdiction this can cause difficulties.
While effective IT systems and cyber security policies may be more beneficial to prevent the attacks occurring. Having a Legal reliefs to deal with same may hopefully also deter hackers.
If you wish to discuss any of the above please contact Lorna Mc Ardle on 01 2960666.