Gabriel M. Ramsey

Ramsey developed innovative IP legal theories to successfully counterattack cybercrime infrastructure as part of his representation of leading technology and entertainment companies in complex litigation.

His clients have included Microsoft Corp., McAfee Inc., EMC Corp., Perfect World Entertainment, Bandai Namco Entertainment, CNET Networks, eHarmony.com, Audible Magic Corp., Fox Entertainment Group, Fox Broadcasting, Universal Studios and The Walt Disney Co.

“The world of malicious code unfortunately contains a lot of really determined and well-resourced adversaries who are highly motivated to make money and obtain information,” Ramsey said. “It can be quite a challenge to disrupt that world.”

For Microsoft, he has combatted botnets, malware and phishing infrastructure.

He took down one of the world’s largest spam botnets, known as Necurs, in which the defendants installed malicious software on victim computers, sent spam email from those computers and stole highly sensitive information from millions of individuals. Microsoft Corp. v. John Does 1-2, 20-CV01217 (E.D. N.Y., filed March 5, 2020).

Ramsey employed a novel theory of trademark infringement.

“The botnet creators installed an adulterated version of Windows containing malicious code,” he said, referring to Microsoft’s key operating system. “Once the defendants took control of the system, Microsoft consumers still believed it was the real product and bad things happened to them.”

Through a worldwide effort, involving cooperation by foreign partners in many jurisdictions, and through the application of federal hacking, trademark and state laws, Ramsey and his team plus Microsoft’s digital crimes unit were able to prevent more than six million of the botnet’s fallback command and control infrastructure addresses from being registered by the defendants. This cut off the defendants’ ability to control the botnet, protecting the client, its customers and the public.

“The case is at the stage where we are now moving for default judgment,” Ramsey said. “That will make sure the botnet can’t come back to life.”

Ramsey used a different IP theory involving the Copyright Act in a separate Microsoft case. As lead counsel, he represents both Microsoft and FS-ISAC Inc., a security organization for the financial sector, in recent legal steps to disable the Trickbot botnet, which threatened U.S. election integrity, delivered ransomware that disrupted areas of the economy and engaged in the theft of funds from victims’ online bank accounts. Microsoft Corp. v. Does 1-2, 20-CV01171 (E.D. Va., filed Oct. 12, 2020).

“The defendants copied Microsoft’s software development kit, and to do that they had to click-and-agree to Microsoft’s licensing,” Ramsey said. “Then, we argued, they carried out activities that violated the license under the Copyright Act.”

He obtained a court order giving Microsoft control of the Trickbot command and control infrastructure as well as an expedited process to disable new infrastructure put in place by the defendants.

“Microsoft’s smart security folks can use that to remediate the harm,” Ramsey said.

— John Roemer