What is Ransomware and How Does it Work?
Ransomware, the fastest-growing malware threat, has been in the news a lot lately. High-profile business shutdowns, such as those affecting the SF Municipal Transportation Authority ticketing system and Hollywood Presbyterian Medical Center, show that even large organizations are not immune to this type of attack. But what is ransomware, and how does it work?
Once ransomware is installed on a computer, it typically encrypts the data that the victim is trying to access. Then the attackers display a message on the computer explaining that the files will not be decrypted until the victim sends an untraceable bitcoin payment to the criminals.
The attackers may also try to identify more valuable information such as login credentials, customer information or intellectual property that they can exfiltrate. They typically will not encrypt or download all the data that they have access to, since there is a risk of being caught by law enforcement.
To minimize the impact of a ransomware attack, organizations should have a comprehensive incident response plan in place that focuses on mitigation and remediation. In addition to following the incident response steps in their written plan, organizations should consider using security software tools that can help isolate infected systems and devices from their other network components, and they should have backup systems that are not easily accessible for deletion or modification by the attackers.
Finally, they should consider bringing in an attorney at the outset of the incident so that they can follow the attorney work product doctrine and take advantage of any coverage available under their cyber insurance policy. This will also reduce the risk of exposing the company to class-action lawsuits and other legal claims by disgruntled employees.