1. Home
  2. |Experience
  3. |Privacy and Cybersecurity
  4. |Ransomware

Ransomware

Overview

Although ransomware attacks are increasingly common, they need not be catastrophic for a business. Advance preparation, proper crisis management, timely remedial action, accurate assessments of harm, and, when appropriate, effective communications including notifications to government and affected individuals, can significantly mitigate the business impact of these incidents.

Crowell & Moring is well-positioned to help you prepare for and respond to ransomware attacks. In these crisis situations, our cybersecurity team is on the ground providing support at every stage, from initial internal investigation and risk management, through making notifications where appropriate, and, if necessary, government enforcement actions and litigation. We also work with technical consultants when appropriate through relationships structured to help maintain confidentiality and privilege for forensic investigations.

We have investigated hundreds of cybersecurity incidents, and our specific experience with ransomware includes advising victims of the following:

  • REvil/Sodinokibi
  • DarkSide
  • Maze
  • Ryuk
  • Suncrypt
  • DoppelPaymer
  • Netwalker
  • Cryptolocker
  • SNAKE
  • CL0P
  • WannaCry
  • NotPetya
  • Multiple novel ransomware strains and emerging threat actor groups

Crowell & Moring’s cybersecurity team also works closely with other practice groups at the firm that have relevant experience with the wide range of issues raised by ransomware attacks, including International Trade, Government Contracts, White Collar, National Security, and Financial Services.

If you need help assessing your ransomware preparedness or are the victim of an attack, please contact one of the Crowell & Moring lawyers listed above. We have also created a checklist to help you respond to a ransomware attack.

Contacts

See All Professionals

Insights

Client Alert | 13 min read | 06.12.26

EU Cyber Resilience Act Countdown: 11 September 2026 Incident/Vulnerability Reporting Deadline Less Than 100 Days Away

The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered into force on 10 December 2024, with direct application across the EU. Full application begins 11 December 2027, but one of its most operationally demanding provisions takes effect in just under 100 days, on 11 September 2026: the mandatory vulnerability and incident reporting under Article 14 CRA....

View All Insights

Insights

Client Alert | 13 min read | 06.12.26

EU Cyber Resilience Act Countdown: 11 September 2026 Incident/Vulnerability Reporting Deadline Less Than 100 Days Away

Firm News | 1 min read | 06.11.26

Crowell & Moring Partner Emma Wright Appointed to UK Government's Digital ID Advisory Group

Firm News | 7 min read | 06.04.26

Crowell & Moring Secures Top Rankings in Chambers USA 2026

Firm News | 1 min read | 05.30.25

Kristin Madigan Named 2025 Top Woman Lawyer by the Daily Journal

View All Insights

Professionals

View All Professionals

Insights

Client Alert | 13 min read | 06.12.26

EU Cyber Resilience Act Countdown: 11 September 2026 Incident/Vulnerability Reporting Deadline Less Than 100 Days Away

The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered into force on 10 December 2024, with direct application across the EU. Full application begins 11 December 2027, but one of its most operationally demanding provisions takes effect in just under 100 days, on 11 September 2026: the mandatory vulnerability and incident reporting under Article 14 CRA....

View All Insights