Ransomware Cyber Attacks: How to Prepare & Respond

By Christine Bucci for BRITTON GALLAGHER

Hackers are wielding their power across Europe by unleashing a rash of ransomware cyber attacks on companies, with the most severe hitting the Ukraine.

Ransomware is a type of malware that holds your computer and data files hostage until the ransom pays the demanded amount. In the most recent European cases, social media posts show images of affected computers with ransomware notes in English demanding $300 in Bitcoin, a form of digital currency.

While hitting overseas the hardest, several US-based companies and government organizations have also been impacted by the cyber attacks. These attacks can cripple major operation systems, leaving banks unable to process transactions, airlines unable to continue flights or, in the case of Ukraine, disrupting its power grid. 

Why Your BackUp Procedures are a Critical Risk Prevention Step

These attacks are not a new form of cyber crime. According to a Trustlook, Inc survey, 17 percent of respondents have dealt with ransomware in the past year, with 38 percent paying the ransom, all in bitcoin currency. Even after receiving the ransom payment, hackers typically do not release hostage data files back to a company.

Perhaps one of the most alarming findings from the survey is only 23 percent of respondents back up their data. Backing up data and having a response plan in place are the two most effective ways to protect your company from the threat of ransomware.

A management liability client was the victim of a ransomware attack several years ago, with cyber criminals locking their system files down in exchange for a substantial Bitcoin payment.

The client had a response plan in place, including a regular backup procedure for their data files. Because they regularly backed up their data, they were able to delete the ransomware files and restore from backup before the virus accessed their backup storage. With the recovered files, the client walked away from the situation with their records intact and without paying a ransom. They also avoided the messy process of having to notify clients and any reputational damage that typically stems from cyber breaches.

How To Protect Your Company from a Cyber Attack

  • Establish a recovery plan: Conducting regular system backups are one of the most important steps in safeguarding your files from hackers. Typically, backup files are not initially impacted, giving you time to respond before the next backup occurs which would overwrite the saved files with the virus. If you have an unaffected back up, you can delete the hostage files and restore the originals from your back up database. By having a data recovery plan, you can walk away from the situation without paying a ransom or investing additional time and resources to respond to the hackers.
  • Risk Management Measures: Check to make sure your company has a cyber insurance policy as a part of your risk portfolio. Your business insurance broker can work with you to adjust coverage parameters to ensure you have adequate protection for your data situation. These policies are typically determined by revenue and number of records needing protection, meaning coverage and costs are based on limits and how many notifications would be triggered by a breach. Depending on the insurance carrier, having a cyber policy gives you access to additional response and loss prevention resources.

These resources include tips on establishing a recovery plan and preparing your response if a cyber security incident does occur. In the case of the client mentioned above, if their IT department wasn’t able to mitigate the threat on their own, they were able to go to their insurance carrier that had its own cyber response team. This team could have taken over the recovery and response process, ensuring the right steps were taken to minimize damage, costs and additional threats.

Your professional liability advisor can also provide you with resources, like a cyber security planning guide to ensure your team understands and knows how to prepare for any cyber incident.

What Not to Do if Your Company is the Victim of a Ransomware Cyber Attack

One of the biggest mistakes companies make when a cyber attack happens is announcing it has been breached. To safeguard your company for costs and potential reputational damage, always refer to a potential attack as an “incident.” Your cyber insurance response team will also advise it is an incident as using the term “breach” triggers another level of response, including automatic ID theft protection and monitoring of personal records.

If you are not prepared to respond to the attack, contact your business insurance broker or cyber insurance carrier immediately. Do not publicize the situation to anyone, including employees (if this can be avoided). Cyber response teams have the proper recourse to do the right things at the right time before it costs you time, money and your brand’s reputation.

It is also a good practice to have a procedure for employee conduct if the company is the target of a ransomware or other similar cyber attack. All it takes is an employee social media post or phone call to a friend stating your company’s files have been breached to set off the additional, costly response measures. Emphasize to employees all potential cyber incidents are to remain completely confidential until notified by executive leadership.

After any cyber or network security incident, your company should always perform a “lessons learned” meeting after the recovery phase has been completed to evaluate, document and refine your procedures. Include your business insurance broker in these meetings to review coverages and other resources available to ensure you are taking all the necessary risk mitigation steps to protect your data.


Share Article: