Ransomware attacks: ransom payment as a legal risk - expert warning!

Ransomware attacks: ransom payment as a legal risk - expert warning!

ransomware attacks are on the rise, which is why both the Federal Criminal Police Office (BKA) and the Federal Office of Information Technology (BSI) warn of the risks of a ransom payment. The consequence of the refusal of payment can lead to permanent data loss and serious damage in the company.

Although the payment of the ransom may appear as the simplest solution at first glance, corporate managers can take legal risks. It is possible to make the support of a criminal association guilty, especially if the attackers are seen as part of such a group. However, this legal responsibility could be difficult to demonstrable.

Another legal challenge is that the payment of the ransom may be incorrectly considered necessary and thus represents an emergency situation. In such cases, Section 34 of the Criminal Code (StGB) only offers limited protection because it excludes the protection of property. It is rare that an excusing emergency is recognized in accordance with Section 35 of the Criminal Code.

If a criminal proceedings occur, there is nevertheless the possibility that the public prosecutor's office will refrain from persecution, especially if the criminal association is active abroad. It is important to note that cyber insurance generally does not cover such criminal acts, which can mean additional legal risks for the company.