In Part 1 of this post, I noted that ransomware events are occurring much more frequently, as many as 4,000 a day since January 1st of 2016. We took a look at some preventative measures that may protect your company and its network/data against a ransomware event.
This week, I want to outline several actions to consider when an event does take place. Let’s face it, if the ransomware trend continues as it’s going, it’s only a matter of time before your company is impacted as well. Taking a “head in the sand” approach will only ensure lost data, reputation damage and many unchecked expenses.
Consider these actions if ransomware infects your network:
- Isolate the infected device — If possible, you’ll want to stop the infection from spreading, so immediately remove the device from the network. Unplug the network cable or turn off the WiFi connection. In addition, power off any other devices on the network until the malware is contained and eliminated.
- Alert your IT representative — Your IT staff or service provider will, at the very least, be able to assess the severity of the situation.
- Activate your Business Continuity and Disaster Recovery Plans — As recommended in Part 1, you should have a plan to deal with cyber breach events. Your team should be aware of the content, trained to perform the actions and ready to act. The plan should include:
  - Bringing in the IT department or an IT forensics firm to assess and remediate the situation — Remove the malware (if possible), recover data from backups, clean the infected devices and note exactly what data was impacted.
  - Updating the C-Suite and Department Managers so they may facilitate their part of the plan.
  - Contacting Law Enforcement to report the ransomware event — The decision to pay the ransom should be heavily weighed against remediating the issue in-house, without ever communicating with, or sending a single Bitcoin to, the bad guys.
- Notify your Cyber Insurer — Report the claim to your insurer so they can guide you through the event in accordance with your policy. That way you don’t step outside the bounds of your coverage and incur unrecoverable costs.
- Upgrade and Update — After the event has been dealt with, make sure that the bad guys cannot reinstate the ransomware and take advantage of the same lax security or uneducated user(s).
Ransomware is, unfortunately, a serious cyber risk that every company with a computer faces. In addition to stopping events, being prepared to handle one when it occurs is critical.