Who Do You Call If Your Business Gets Affected by Ransomware?

The average ransomware payout in 2018 was $6,733, according to Coveware. The average overall business impact was almost $55,000, with business impact lasting an average of 5.5 days. Arguably worse, 15% of all data affected by these breaches was rendered unrecoverable. These attacks are growing in prevalence and increasingly affect businesses of scale, the average employee count being 71, and they present unique challenges to the assessors of risk in the business community.

It is my sincere hope that you’re coming to this article for proactive research. If you’re in a position where the walls have already been breached, please feel free to reach out to us directly for specific advice.  The rest of this article will serve to build a set of guidelines, or an emergency plan, in case of an attack. 

To head off a crisis, it’s essential to build a set of guidelines or an emergency plan in case of an attack.

If you’ve been hit by ransomware, you should:

  1. Contact your IT leadership 
  2. Immediately contact your business insurance carrier
  3. Provide as much detail as possible to any customers affected
  4. Remediate the affected assets 
  5. Protect the overall IT environment

Call Your Ghostbusters Immediately

Your organization’s IT leadership team must be notified as quickly as possible about the suspected breach, if they haven’t reached out to you already. The sooner the tech team can ascertain what’s been compromised, the sooner they should be able to quarantine the attack.

The goal of ransomware is to attack vulnerabilities within an environment for financial gain. The number of documents or amount of sensitive information your attacker is able to get their hands on depends entirely on how long the intrusion goes undetected. We know that there may be some shame or fear about reporting that you clicked a phishing link, but the sooner you report it, the sooner your security team can respond.

A healthy IT department should have the capacity to isolate and quarantine the affected workstation or mailbox and keep the malware from spreading. If a workstation, application server or other asset gets compromised and held for ransom, it’s important to set policies that determine how much your organization is willing to pay to rid itself of an intrusion.  Sometimes, a ransom number is low enough that paying it justifies removing the burden from your environment.

A good CIO or technology strategy leader should be able to help set this process in place. Think of it like a fire escape plan for your business – establish it, review it for efficacy often, communicate it clearly to employees, and do whatever you can to make sure you don’t need to follow it. 

Contact your business insurance carrier 

Cyber liability insurance is a rapidly growing risk management subset, and with good reason. Individual carriers have all sorts of policies specifically linked to mitigating the downside and damage of cyber intrusion, including ransomware. Some general liability policies will include this coverage as well.  

To get the greatest amount of value from this practice, ensure that your technology strategy works in line with your insurance policy. Properly evaluating the true cost of an attack, the value and fidelity of your data, and the action plans associated with remediation from a technology level can help your insurer right-size the policy for your business.

Communicate any breach to your customers

This part sucks, but the only thing worse than your biggest client getting a fake invoice link from your accounts payable team is pretending like you didn’t know it happened. The nature of ransomware is to continue to infect as many vulnerable clients as possible; while internal networks are often set to contain peer-to-peer attacks, things like email, document sharing, and collaboration suites afford the opportunity for attacks to spread outside the organization.

Knowing and clearly defining your role in protecting customer data can be daunting, but it is critical for success in the digital age.  For many companies, the burden of responsibility is low, and most of that security burden gets passed to the software vendors they choose. In other instances, additional responsibility is required to secure customer or patient data, the compromise of which can be financially devastating for a business to realize too late. A modern business, of any size, requires a data loss prevention strategy, and a consistent security risk assessment policy.

Remediate the affected assets

If you have a hole, you’re going to have to figure out how to patch it. This happens to be one of the biggest value drivers of Virtual Desktop services: an infected ‘desktop’ can be wiped and reimaged from a data center without the physical machine needing to be touched.

In any configuration, though, a plan needs to be in place and followed if any IT asset gets compromised. The sooner an attack can be acknowledged and sequestered, the better the outcome for your business.

Secure the perimeter

If there’s any value in being attacked, it’s that your organization can identify where your threats are, and how to patch them up. Understanding the attack vector of the ransomware can lead your IT team to shore up defenses they may not have considered. 

Unfortunately, there’s no shortage of risks associated with managing a team and network, but there are many ways to reduce them. Creating policies and procedures to safeguard your company ahead of an attack can keep your downtime and financial burden as low as possible and reduce potential threats to mere speed bumps.

It is essential that your company is protected from malware. If you’re experiencing a ransomware attack, or simply want to make sure your company is protected from ransomware, Framework can help.