Former Uber CSO avoids prison time for ransomware coverup

A federal district court judge sentenced Joseph Sullivan, former chief security officer at Uber, to three years probation after he was convicted of concealing a 2016 ransomware attack against the company while the ride sharing firm was under investigation by the Federal Trade Commission.

A federal district court judge sentenced Joseph Sullivan, former chief security officer at Uber, to three years probation after he was convicted of concealing a 2016 ransomware attack against the company while the ride sharing firm was under investigation by the Federal Trade Commission.

Sullivan will also have to complete 200 hours of community service and pay a $50,000 fine.

Sullivan was convicted in October of obstructing the FTC probe and misprision of a felony, which is essentially failure to report the crime to authorities.

The company reached a non-prosecution deal with federal authorities prior to Sullivan’s October conviction.

The attack sent shockwaves throughout the cybersecurity community and much of the legal community, as companies have historically failed to report the majority of ransomware attacks to federal law enforcement or regulators.

Sullivan arranged to pay off the hackers in the ransomware attack, while having them sign nondisclosure agreements to keep terms of the payoff a secret.