720-891-1663
Return to the list of client alerts
Okay, so your network gets hacked, the hackers steal your data and then they encrypt your systems.
Not your best day.
What do you do?
Different folks do different things, but many times people call in pros to help.
That might include ransomware negotiators, the cops, the FBI, lawyers and cybersecurity experts. One or more of these.
The hackers know – or at least the good ones do – that if you have experts on your side it will improve your odds and decrease their odds – and likely decrease the amount of money that they extract from you, maybe to zero.
For example, lets say they tell you that if you don’t pay they are going to expose your data. How do you know that they even took your data and that is not a bluff? If you have experts in your corner you MAY be able to figure out whether the hacker is just bluffing.
If you have a professional ransomware negotiator working for you, you might be able to negotiate a better deal.
SOooooo, the hackers try to evolve.
The Ragner Locker ransomware group is threatening its victims, saying if they “breathe a word of the attack to law enforcement officials – or attempt to bring in professional investigators or negotiators – before paying the ransom” — they will dump your data.
First of all, you don’t really know if they have your data.
Second, if they dump your data you will have no incentive at all to pay them a penny.
What data did they get if they did get data? Is it really that sensitive?
How will they know if you call for help? Surely you are not going to use the compromised systems to call the police, search for the police phone numbers, call your experts or email your lawyer.
RIGHT!?!?!?!?
All of that is in your written and approved incident response plan, which is on paper in a safe location and you have set up non-connected communications – either burner phones or gmail accounts or whatever, that are not associated in any way with your company.
Now that we think the risk of the hackers knowing (UNLESS they have someone working for them that is on your incident response team, in which case, you have a bigger problem) that you brought in experts, what is the risk?
One thing they might do is tell the world that you have been hacked. Nowadays, that puts you in good company. Relatively low risk.
One hacking group that did steal data went to the victim’s customers and tried to extort them. That is certainly a possibility.
Do you actually have backups that are safe? At least if you do, you can restore.
How long will it take you to restore? Is restoring a viable option?
Obviously, they want you to react and not think. That would be good for them and bad for you.
So what do you do?
First, plan this out before you need to use it.
Second, decide what your risk tolerance is.
Third, practice. Come up with different scenarios. Weigh the pros and cons. It is a whole lot easier to think about it when your company is not being held hostage.
Credit: Data Breach Today