Ransomware Attacks: Preparing Your Organization
Posted by: GuidePoint Security
Published 10/5/2021, 3:30pm
As ransomware attacks continue to affect thousands of organizations worldwide, businesses are dealing with the fallout and asking questions such as whether they will be attacked and what they should do if they are.
Both ransomware and an organization’s response to it can be complex. There are steps, stakeholders, and scenarios that need to be considered. In our latest white paper, Reckoning with Ransomware, we address these three concerns by taking a deeper look at:
- What steps should an organization include in a ransomware response?
- What individuals and groups should be included in response activities?
- What does the recovery process look like after a plan has been implemented?
Common Thieves Engaging in Complex Attacks
With a history that spans forty years, ransomware has made the rounds and evolved into a weapon for targeted attacks and business disruption. Despite the advancements in ransomware structure and approach, the goal remains the same: extort as much money as possible from victims.
With ransomware as a service (RaaS) and techniques like double and triple extortion, ransomware is easily available, dangerous, and highly profitable for attackers. And any business could be a potential victim. While governments and industry leaders discuss the merits of regulatory actions, businesses are being forced to address the fact that they could be the next victim.
When a ransomware attack hits, knowing what to do and when to do it could mean the difference between minimizing the attack’s repercussions and becoming the next front-page headline.
Ransomware Incident Response
A formalized incident response plan (IRP) is critical when dealing with a ransomware attack. An IRP documents the procedures for addressing and managing a ransomware incident, including the names of the individuals who need to be involved in the response, their contact information, and their roles. An incident response plan is designed to help businesses significantly minimize an attack’s impact, ensure critical attack information is gathered in a timely fashion, and help reduce the costs associated with an attack.
IRPs may include information such as:
- Definitions—The definitions associated with key incident terms like ‘incident response team’ or ‘incident summary report.’
- Roles and Responsibilities—Key individuals from the company that need to be involved, team structure, and the names of external incident response providers that may have been retained.
- Incident Response Methodology—Playbooks and step-by-step approaches from the moment a ransomware attack is suspected, including backups, documentation, notification procedures, etc.
- Communications Approaches—Approach to notifying customers, vendors, employees, law enforcement, cyber insurance provider, regulatory agencies, and the public.
- Cybersecurity Insurance Information—Contact and policy information for the cyber insurance provider.
- Business Continuity Considerations—Information on critical systems needed to keep the business operational.
To learn more about an incident response plan and its role in a ransomware attack, read our newest white paper, Reckoning with Ransomware, which presents a detailed and realistic scenario of how a ransomware attack might unfold and what steps a company should take when dealing with the attack.