Don’t Get Caught With A Deer-In-The-Headlights Response to Ransomware Attacks

We’ve examined how important it is for any nonprofit performing arts organization to maintain a data breach policy in the event the group becomes the victim of a cyberattack and the next step in that process is preparing contingency plans for a ransomware attack.

Data breach policies are must-haves to protect organizations and their patrons when cybercriminals access a network to steal data. Ransomware attacks also focus on accessing a network but instead of stealing your data, they lock you out.

The 7/6/2021 edition of The Washington Post has a good article written by Gerrit De Vynck, Aaron Gregg, and Rachel Lerman that explains how Ransomware criminals are evolving past straightforward phishing attempts to gain access and are now dedicating far more resources to exploiting software. In English, that’s the difference between a grifter running a three-card monte game and Bernie Madoff launching a multi-billion-dollar Ponzi scam.

As the Post article makes clear, the target of the latest Ransomwear attack wasn’t just a company with lax security. They were actively and earnestly monitoring their code to identify weak points and adjust.

If your organization finds itself as the target of a Ransomwear attack, don’t be afraid of any PR. Follow the Federal Bureau of Investigation’s (FBI) recommendations on how to respond and report.

The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.

If you are a victim of ransomware:

• Contact your local FBI field officeto request assistance, or submit a tip
• File a report with the FBI’s Internet Crime Complaint Center (IC3).

You can find even more information in this document prepared by a joint team of U.S. Government law enforcement agencies. In addition to insight into technical matters, they have an excellent section with business continuity considerations.

Beyond the advice in those resources, you can expand on the common-sense strategies you (hopefully) have in place with general cyberattack considerations:

• Make sure your cybersecurity response plan includes specific instructions for ransomware attacks. This includes making all executive leaders (board and administration) aware of the threat and understand their role in the wake of an incident.
• While Federal agencies advice otherwise, paying the ransom is something businesses do under extreme circumstances. If it’s something your organization wants to consider, you’ll need to make sure you understand cryptocurrency, have a cyber forensic provider identified to offer advice, and do the math on paying ransom vs. the cost of restoration.
• Review your insurance policies; one oddity here is to make sure your provider allows other third-party providers to help when responding to an incident.