Ransomware attacks are a growing and evolving crime threatening the private and public sectors. Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure to deny access to its own data.
Ransomware is malicious software that infects computers, networks and servers and encrypts the data with a key known only to the hacker until a ransom is paid. Businesses are not generally aware malware has infected their systems until they receive the ransom request (usually in a cryptocurrency, such as Bitcoin).
The most common delivery method of this malware is through phishing emails.
Every business subject to a ransomware attack faces several risks such as loss of valuable data and interruption of workflow by preventing employees from accessing data. This can result in significant economic losses and reputational harm.
Businesses in the health care or financial sector are subject to specific notification requirements under federal or state law if a ransomware attack results in a data breach that involves personally identifiable information of clients and/or employees.
STEPS FOR PREVENTION
Regardless of size or federal oversight, all businesses should take steps, appropriate to their size, to prevent a ransomware attack, to include:
• Conducting internal compliance and risk assessments to determine vulnerability to cyberattacks.
• Developing and implementing policies and procedures required for compliance with federal and state privacy laws.
• Establishing secure data backup protocols to ensure important business records are secure.
• Lining up outside experts, if necessary, based upon the risk profile of the business, ready to provide assistance if a ransomware attack is successful.
• Training employees, based on their job responsibilities, explaining the importance of following the business’s internal policies related to electronic security.
• Conducting due diligence on third-party service providers with access to personal information and sensitive business information.
Even businesses that take steps to prevent a ransomware attack may not be able to stop it. If a business has been attacked, it should activate its contingency or business continuity plans to be able to continue operations while responding and recovering from the attack.
The exact steps to take depend on the nature of the business, but in general include:
• Assembling a team of experts to investigate the attack. Include independent forensic experts and internal team members in information technology, human resources, legal and management.
• Preventing additional data loss by taking all the affected equipment offline immediately – but do not turn off any equipment until the forensic investigators arrive. If possible, replace the affected equipment, update credentials and passwords of authorized users and preserve any forensic evidence.
• Notifying law enforcement.
• Contacting legal counsel to determine breach notification legal requirements, if the forensic expert determines the attack resulted in a breach of personally identifiable information.
While a ransomware attack may not be prevented, it is very important for businesses of any size to have a plan in place and be ready to execute it in order to minimize additional financial loss.