In recent years, ransomware attacks have become one of the biggest cyber threats for companies in Brazil and worldwide. In light of this scenario, lawyer Gabriel Araújo Souto, a digital law specialist from the PG Lawyers office, explains the essential legal steps that companies and professionals must take when they fall victim to this type of crime.
"The first mistake many companies make is acting without specialized legal advice," the lawyer warns. According to him, the rush to recover data leads many organizations to make hasty decisions that can worsen their legal situation. "Ransom payment, for example, is not a crime in Brazil, but it must be analyzed with caution, as it may bring ethical and legal implications," he explains.
The specialist highlights three legal measures necessary after an attack:
1. Preservation of evidence – Turning off affected systems without technical guidance can destroy important evidence for investigations.
2. Notification to authorities – The LGPD (General Data Protection Law) requires communication to the ANPD (National Data Protection Authority) within 72 hours in case of a personal data breach.
3. Contract analysis – It is essential to verify obligations with clients and suppliers regarding data protection.
For prevention, Souto recommends that companies include specific cybersecurity clauses in contracts with IT suppliers, develop an incident response plan aligned with legal requirements, and conduct periodic audits to verify compliance with data protection standards.
"The legal aspect of digital security is often overlooked until it is too late. Preventive advice can avoid not only the damages of the attack itself, but also the legal consequences that can persist for years," the expert concluded.