HOW TO SURVIVE A RANSOMWARE ATTACK

With the ever-increasing prevalence of ransomware attacks across industries and economies in recent years, preventing and preparing for such incidents has become a board-level concern.

According to a recent security report by Check Point, there was a 93 percent increase in ransomware attacks in the first six months of 2021 alone. This included the high-profile Colonial Pipeline outage in May, which targeted the organisation’s computerised equipment responsible for managing a critical oil pipeline. The disruption resulted in short-term fuel shortages across certain parts of the US.

Such incidents highlight the potentially systemic operational risks that ransomware poses to organisations across industries. These risks are being further exacerbated by the growing sophistication of the criminal organisations responsible for these acts.

For instance, in addition to encrypting key systems and infrastructure, it is increasingly common for threat actors to concurrently exfiltrate sensitive data from an organisation’s systems. This provides a dual extortion threat, with the victim facing the prospect of ongoing business disruption and the possibility of confidential or personal data being released into the public domain if it refuses to pay the ransom.

While taking active steps to prevent such attacks from being successful should form the first line of defence for any organisation, experience shows that even the most sophisticated cyber security programmes will not extinguish all threats. It is therefore critical that compliance and information security teams take proactive measures to ensure they are fully prepared for any eventuality.

Establish an incident response team

In the first minutes after a ransomware attack is detected, it is vital that the relevant personnel within the organisation know who will be responsible for managing the response and that processes are in place to immediately assemble those individuals.

Oct-Dec 2021 Issue

Hogan Lovells