
Ya Know Your Ransomware Response Strategy – It Probably Doesn’t Work Any More

Probably many of you have created an incident response plan and possibly you have tested it.

But likely, that plan, and your test of it, are based on the assumption that hackers are encrypting your data.

The solution to that is effective backups. The problem with that is whether your backups are really good and how long it takes you to restore dozens to hundreds to thousands of systems. Assuming the backups were stored in the cloud, that means that the cloud is likely a bottleneck.

But hackers are agile. Often much more agile than companies are and often more agile than at least some law enforcement agencies.

Now ransomware has morphed into good-old-fashioned extortion.

In that case, backups are useless. There are no encrypted systems to restore.

And hackers have figured out that possibly companies might not be interested in being extorted.

So the hackers are morphing again. They are reaching out to your customers and threatening them with releasing their data (the customer’s data).

We have also seen the hackers going out to your customers’ customers – individuals – and threatening them with disclosure.

If you are part of a regulated industry, the regulators are asking if you have contacted law enforcement. Historically, companies have been reluctant to involve LEOs because they think law enforcement doesn’t know what it is doing. Regulators are now asking WHO you are talking with at, say, the FBI. What is their name, phone number, email address? The FBI, in particular, is way more sophisticated than it used to be. Likewise for the Secret Service for financial crimes. The weak link is still local LEOs, but likely the best thing for you to do is to bypass local LEO – this is just above their pay grade.

Even if you are not in a regulated industry, your insurance carrier is going to require that if you want any coverage at all you need to report the crime to law enforcement.

Let’s assume that, whether or not you cooperate with the FBI, they catch the bad actors. Now the DA or AG issues a subpoena to you to testify in front of a grand jury.

Worse yet, the criminal may want to depose your CEO, CFO, CRO, CISO, etc.

Regardless of what you saw on TV during the January 6th hearings, most companies don’t have a choice regarding cooperating. This can bring your breach back into the news and, possibly, require you to share sensitive data with the hacker.

If there are class action lawsuits, you often have significant discovery responsibilities. Again, not optional.

If you have not updated your incident response plan in light of this, please contact us; we would love to help with this.
