Reducing Ransomware Risks

Ransomware has emerged as one of the greatest cybersecurity threats facing organizations and individuals in all industries. According to at least one study, the number of ransomware attacks has skyrocketed from 3.8 million in 2015 to 638 million in 2016. The numbers also do not tell the full story of how crippling these attacks can be. 2017’s WannaCry attack shut down health care institutions and manufacturing plants causing untold financial damage and threatening people’s lives. But can businesses and individuals protect against these threats?The short answer is yes. As the attached infographic from Dykema’s Privacy and Data Security Group shows, companies can take a number of steps to reduce the risk, or the impact, of a ransomware attack. Here’s what businesses can do:

• Preventative Measures: Many ransomware attacks exploit known vulnerabilities in computer systems or ill-trained employees and may be prevented in the first place. Organizations should put into place, and regularly update, employee training and awareness programs, e-mail filtering, end point controls, network controls, robust patching programs and threat intelligence analytics.
• Mitigation Measures: There are a number of steps that can be taken before an attack that may help reduce the impact, including regular data backups, quick restore capability, ensuring all members of the organizations have the least privileged access, developing a well-defined incident response and crisis management plan and conducting war game simulations.
• Contain, Eradicate and Recover: Even the best planning cannot guarantee that an organization will prevent a ransomware attack. To limit the damage of the attack, organizations must be prepared to quickly evaluate the incident, isolate the infected station, identify the scope of the infection and the kind of ransomware, consider contacting law enforcement and respond by either restoring your systems, decrypting the system, ignoring the demand or paying the ransom to get back to normal operations.
• Lessons Learned: Finally, if you were hit with a ransomware attack make sure your organization conducts a robust “lessons learned” exercise. Evaluate your response, create a detailed report and implement recommendations and improvements so that the attackers cannot exploit the same vulnerabilities again.

Ransomware attacks have exploded in popularity due to their incredible success against organizations and individuals. However, by implementing the recommendations above, organizations can help reduce their risks.

For more information about ransomware attacks or other privacy and data security issues, please contact Cinthia Granados Motley (312-627-2107 or cmotley@dykema.com), Erin Fonté (512-703-6318 or efonte@dykema.com) or your Dykema relationship attorney.