Does your company have a response plan in the event of a cyber attack? If the answer is no, the consequences can be catastrophic. Now more than ever, it’s critical to map out protocols so that everyone in the organization knows exactly what their role is in the event of an attack.
After WannaCry and other ransomware attacks that have emerged, these threats are only becoming more devastating with the passage of time as hackers improve their strategies. In addition, it’s important to consider the impact that these kinds of attacks can have on businesses.
A 2017 report by Malwarebytes showed that 22% of small and medium businesses attacked by ransomware had to stop their operations, while 15% ended up losing revenue. These consequences can be devastating for almost any company, but their effects are particularly more pronounced in the case of small and medium-sized businesses.
In the face of such potential for damages, it is vital to be prepared for such attacks. Here are a few actionable strategies if you or your company has the misfortune to become the victim of a ransomware attack.
Have an initial response plan
When an incident occurs, the amount of time it takes to respond is critical. The longer a company takes to respond, the greater is the risk of the losses to be incurred. That’s why it’s important to create a ransomware incident response plan.
Planning should include criteria for defining when the ransom should be paid – if at all – for unlocking your data assets held hostage by hackers. After all, the decision to pay or not is a business decision and requires consideration from all company sectors. The decision should be discussed and agreed upon collectively.
Most of the time, IT and information security teams are not accustomed to dealing with situations like these, so it is imperative that all relevant teams and members are prepared for such incidents. Your team should know where the problem will be discussed, which media segment the news will be directed to, and how the attack will be announced to customers.
The idea is to select which people will be part of this team and set an initial direction so that they do not have to wait for you to start taking the first steps.
Keep your response plan backed up
Having a backup is extremely important. Imagine your business suffering an attack and a particular computer was compromised. If the response plan was stored only in that one system, how will you have access to it?
Ransomware is able to lock up computers and sometimes even the network they live on. With this in mind, make sure your plan is saved in a safe place and can be accessed from multiple locations.
Set up a response team today
Do you already know who needs to be on the discussion board after a ransomware attack? Now is the time to decide. Directors and C-levels are important, but also ensure that public relations professionals, human resources, and heads of other departments are present.
Once you have formed your squad, inform them, and have a personal contact for emergencies. Make sure everyone on this team knows each other with their contact information for instant communication if need be.
Have a communication plan
In attacks like these, the company’s usual modes of business communication can also be compromised, so it’s important to have an alternative platform for safe communication with your team. Whether by cell phone or other devices, make sure everyone has access and can talk to each other in case of an emergency.
After an attack, numerous issues arise at all levels of a company from the technical department to public relations, and all of these need to be resolved with extreme professionalism. Therefore, you may not be able to take care of everything yourself. Choose a reliable and capable professional who is able to manage this time of crisis while also being able to delegate tasks.
Decide how to respond to the attack
Paying the ransom may be the easiest way to access compromised data, but it does not guarantee that cybercriminals will live up to their word. There is always the risk that paying the ransom will only encourage criminals and enable them to develop even more sophisticated attacks to target other companies in the future.
Even if you are considering paying the hacker to gain access to your files again, it is important to have a solid plan B in case things go awry. In some cases, it is speculated that even after making the payment to the hacker, it is not possible to have access to the files, because ransomware damages the data and makes them inaccessible. It’s also important to note the FBI does not recommend paying the attackers.
One of the first things to do after a ransomware attack is to isolate all affected systems, which will prevent the infection from spreading to other machines, as most ransomware has the ability to replicate on the network.
Consider an infrastructure update
If not in place already, an infrastructure update can be an important way for a company to protect itself. For example, cloud-based systems are easily and automatically updated in one place, accumulate real-time attack and intrusion data, and incorporate internal constraints that separate software layers and prevent intrusive software from achieving the attack.
This is an advantage over systems that rely on computers on company premises.
It can also become relatively difficult for intruders to exploit holes in a cloud-based architecture. For example, in late April 2017, Google blocked a phishing attack (an attempt to use email to trick people into submitting compromising information). Their success was largely thanks to the cloud-based features of Gmail software that made it possible to quickly identify and isolate intruder malware.
Take lessons and apply them for the future
As more and more ransomware attacks are made public, learn from the mistakes of others and study these events in order to prevent them from happening to you. Consistently update your response plan as threats evolve so that you aren’t caught off guard. The threat landscape is constantly changing, but you don’t have to be a victim because of it.