PETYA CYBER-ATTACK: PRELIMINARY LEGAL IMPLICATIONS
As reported by the media, Oschadbank, Ukrposhta, Boryspil Airport, Kharkiv Airport, Ukrgasbank, OTP Bank, Ukrtelecom, Ukrzaliznytsia, Nova Poshta, Vodafone, Lifecell, DTEK, Kyiv Metro are among numerous companies which have been subsequently paralyzed.
Given unexpected, unprecedented and massive impact of the attack, confusion quickly shifted to fighting the immediate consequences of the attack. Both business and government acted in a swift way and the reactions included:
- on 4 July 2017 the Government approved draft amendments to the Tax Code of Ukraine whereby the taxpayers should be released from penalties for untimely registration VAT-invoices issued during 1 June to 15 June 2017 caused by the cyber-attack. Currently the Parliament is expected to vote for the mentioned draft amendments;
- the business, as reported, (i) filing applications to police for initiation criminal investigation with respect to cyber-attack, and (ii) working on restoring damaged files and networks and solutions to enhance its IT security;
- Ukrainian Chamber of Commerce and Industry is reported to agree to acknowledge Petya cyber-attack as a force-majeure event subject to compliance with the approved procedure of its confirmation by the proper evidences; and
- new case law / court practice with respect to force-majeure events and release from liability for damages caused by the recent attack is expected to be approved soon.
Regardless of the above changes in legislation and business environment, it is worthy of mentioning security measures, which may minimize risks and negative consequences if cyber-attacks take place in future, including:
- use licensed software;
- use anti-virus solutions;
- review the wording of the force-majeure clauses to make sure that cyber-attack is expressly listed as an event of force-majeure;
- prepare in advance IT security policies addressing: (i) actions if a company undergoes cyber-attack, and (ii) procedure of collecting evidences of a cyber-attack;
- pay attention to cyber-security, engage professional advisors and service providers in advance to ensure your business is properly protected.
- make sure to implement protective measures, including a disaster recovery plan. Implement procedures which should be closely followed in case of a crisis. Clarify liabilities and potential consequences with your advisors and service providers.
If you have any questions, please feel free to contact Oleksandr Liulkov, Managing Partner Ukraine (firstname.lastname@example.org; M: +380 67 729 9896)
This Legal Alert contains general information only, and Magnusson is not, by means of this document, rendering legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect finances or business. Before making any decision or taking any action that may affect business, it is recommended to engage a qualified professional adviser.
MAGNUSSON ORGANIZED ITS ANNUAL SLUSH SIDE EVENT AT HARD ROCK CAFÉ IN HELSINKI ON 3 DEC 2018
We had 15 guest speakers, who had the opportunity to present their companies and innovative business ideas.read more
MAGNUSSON LITHUANIA ADDING NEW PARTNERS TO THE TEAM
As Magnusson Lithuania marks its 20th anniversary this year, we close this period with professional achievements of our team members: associates Rūta Didikė and Eligijus Vinckus become partners of the firm.read more
THE CRYPTO CURRENCY OPERATIONS ARE BECOMING MORE RESTRICTED
The Ministry of Finance of Republic of Estonia is planning to take the draft legislation to the Estonian Government to tighten up the acceptance of crypto currency licenses.read more
MAGNUSSON PARTNER VILLE SALONEN NAMED BOARD MEMBER OF FAF
The Football Association of Finland (FAF) has appointed Ville Salonen as a member to its Board.read more