Perform ransomware tabletop exercises

Ransomware is a huge threat. It infiltrates your computers, restricts access to your data by encrypting it and won’t release that data until you pay a ransom.

Of course, you want to do what you can to prevent a ransomware attack, but what if it does happen? Knowing how to react, how quickly to react and who needs to get involved will greatly reduce the impact of the attack.

That means documenting ahead of time things like when you should contact law enforcement, whether to involve your insurance company, whether that insurance company dictates which forensic investigation firm you need to use, who can help you determine the extent of the ransomware encryption and what messaging is appropriate for employees, customers, stakeholders and others.

Next steps

  • Simulate a ransomware attack by performing a tabletop exercise: The tabletop exercise should facilitate discussion of all the relevant topics, such as what is impacted technically, what your communications requirements are and what your resolution options are. After these discussions, document a methodical process to respond to the ransomware attack.
  • Plan for how to make decisions about whether or not to pay the ransom: A tabletop exercise teaches participants how to identify what is encrypted and the impact on your organization. It also helps your management work through options to resolve the attack: 1) pay the ransom or 2) recover the data as it was prior to the encryption within “X” amount of time with “X” data loss.

  • Test your employees’ skills at recognizing emails that may contain ransomware: Use software that can simulate and distribute emails that look like genuine requests from a customer when, in reality, they are attack emails. This will allow you to see where you need to provide further security awareness training, as well as help employees identify suspicious emails.