The Clock Is Ticking: 3 Steps To Take The Moment You Fall Victim To A Ransomware Attack
“We’ve been breached.”
Those are three words no business leader wants to hear from the IT department. But make no mistake: Ransomware attacks are on the rise and have hit organizations of all types and sizes – from meatpacking plants to kindergartens to grocery stores.
In 2021, a business falls victim to a ransomware attack every 11 seconds, according to estimates from Cybersecurity Ventures. (That’s up from every 40 seconds in 2016.)
So, what to do if the unthinkable happens and you’re suddenly the victim of an attack?
“Time is of the absolute essence,” says Alexander Anglim, a partner at Santomassimo Davis LLP Outside General Counsel™ Solutions, a New Jersey-based firm with offices in New Jersey, Philadelphia, and New York. “There are a few things you have to do immediately – not tomorrow or the next day. This is a ‘drop everything and act’ type of situation.”
Here are three steps to take the moment you’re aware of a ransomware attack within your company:
1. Assemble An Emergency Team
Ideally, you’ve already mapped out which personnel will come together to make the key decisions on how to move forward. “Senior leadership and key IT people, whether they’re internal people or outside vendors, need to convene immediately so that decisions can be made quickly,” advises Anglim. Make sure all members of the team remain readily available throughout the crisis.
2. Put Your Insurer On Red Alert
If you’ve got cybersecurity insurance (which is a necessity for every company, Anglim says), “notify your insurer in an urgent way.” Because ransomware attacks are so time-sensitive, most cybersecurity insurers will have a 24-hour hotline dedicated to such emergencies. “Skip calling your broker for now and call that number as quick as possible,” he advises. Typically, the insurer will be able to give your firm access to cybersecurity experts who can diagnose the problem quickly, prevent further harm and begin the process of mapping out the recovery plan.
A solid cyber liability insurance provider will help notify customers and pay for public relations expenses as well as forensics, liability, and defense costs. In addition, providers can help restore the personal identities of affected customers, recover compromised data, repair company systems, and negotiate to pay a ransom if that’s the route your company decides to take.
3. Engage Your Legal Counsel
Over the next several hours, you’ll need a point person to coordinate who does what and outline who makes decisions and what happens next. “Your legal partner can help quarterback this process,” Anglim says.
Indeed, at Outside General Counsel™ Solutions, the firm’s well-seasoned Outside General Counsels can play many roles in helping a company navigate a ransomware attack, including engaging with the federal government and helping to determine whether you’re going to pay the ransom.
Earlier this year, FBI Director Christopher Wray stated in an interview with The Wall Street Journal that the federal government discourages targets of such cyberattacks from paying a ransom. He also encouraged companies to cooperate with the FBI in its investigations into the attacks, to help determine who was behind them and figure out ways to foil the bad actors. “There may be some resources available if you contact the FBI in a timely manner,” Anglim notes.
Again, the key word here is “timely.” The average time it takes a company to recover from a ransomware attack and regain its ability to operate is 33 hours, but companies that aren’t prepared could experience even longer recovery times.
The upshot? “Twelve hours after an attack, you should already be deep into your response,” Anglim warns. “The fate of your company depends on it.”