Cyber criminals have steadily shifted away from attacking systems directly and are more inclined to use self-propagating malware that spreads across networks and encrypts or denies access to computer systems. When ransomware strikes, you have little time to decide what to do – payments for some variants increase each day you wait.
Effectively Plan & Respond
Proper planning will prevent many ransomware attacks and allow you to recover quickly if you are impacted. If you are a victim, you need to know what variant of ransomware you are dealing with and how that type of malware works. Every second counts when under attack and understanding your options will help in making quick decisions on how best to respond.
Protecting Your Client’s Data
It is critical to determine whether you have contractual obligations to deliver vendor or client data that you cannot meet because the data has been encrypted. Contracts and compliance requirements may dictate what you can and cannot do. If you can’t get your data back without paying the ransom and still decide not to pay it, discuss whether there could be legal ramifications if your client contracts say you will “protect and recover their data by any means possible.”
Perform forensic analysis to determine infection severity and type, the affected systems and networks, and whether data was exposed.
Contain the threat, secure critical assets, and communicate with the malicious actor.
Assist with the decryption process, work to recover data, and provide recommendations for security improvements.