Five steps to a better ransomware response plan

With a bit of luck the city of New Bedford, Mass., escaped having to pay a demanded US$5.3 million to criminals after suffering a ransomware attack last month.

The mayor of the city revealed Wednesday how 158 of the municipality’s workstations — less than five per cent of the total — were locked out by the malware. Fortunately, no critical systems were hit, and after the criminals rejected an offer of US$400,000 for the decryption keys to unlock the scrambled data, the city decided to restore the data from backups.

Your firm may not be lucky enough to have only non-critical systems trashed by ransomware. Experts agree preparation is the key to protecting against such attacks. But merely relying on backups isn’t enough. In a column for Security Week, Flashpoint CEO Josh Lefkowitz outlined what’s needed for a mature incident response (IR) plan for ransomware:

–A traditional IR plan won’t be enough. You have to face the fact that doing the usual things to restore business continuity may not put the pieces back together. The ransomware may have permanently made critical files inaccessible.

–Backups are a good defence, but they may not be perfect. Even the most secure backups can fail or may not be updated frequently enough. Accounting for these situations within a ransomware IR plan is crucial.

–Paying up may be necessary. Know in advance the conditions under which the organization may have to pay, whether there will be negotiations with the attacker and how the firm will pay.

–Make sure all non-IT stakeholders — communications, legal, compliance, law enforcement — are brought in. There may be legal implications to paying up.

–Finally, test the plan with a tabletop exercise. “Many organizations don’t realize how unprepared they are for a ransomware attack until they experience one,” writes Lefkowitz. “The undoubted chaos and stress brought on by an attack can make it exceedingly difficult to understand, much less communicate and execute, an IR plan.”

Read the full column here.

According to a report last month from security vendor Vectra, ransomware is a fast and easy attack with a bigger payout than stealing and selling credit cards or personally identifiable information, whose value drops over time after a theft. Using hard-to-trace cryptocurrency for the ransom payment is an added advantage – so be better prepared.

You may also be interested in reading this case study of an Ontario town’s experience with ransomware.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
