Ransomware is a type of malware that restricts access to your data by encrypting it. The bad actor will require the victim to pay a ransom in order to regain access to their own data. Perpetrators don’t care what industry you are in; they know an organization’s data is highly valuable to that specific organization. It’s part of why ransomware attacks are on the rise and are currently the most prominent malware threat.

Simulating an attack to understand what to do when one occurs will help ensure that employees know their responsibilities, that critical communication will occur and that the incident will be resolved in a timely manner.

When you know how to react, how quickly to react and who needs to get involved, you can greatly reduce the impact of the ransomware attack. You’ll want to answer these common questions:

When should you contact law enforcement?
Does the insurance company need to get involved? Are they dictating which forensic company you use?
Who can help you determine the extent of the malware encryption?
What do you tell your employees, customers, clients, patients and/or stakeholders?

If you document and anticipate the activities that will need to take place during an attack, you can help ensure all groups resolve the incident as soon as possible and address all aspects of an attack.

Next steps

Simulate a ransomware attack by performing a tabletop exercise: An exercise allows participants to walk through each step and learn how to identify what is encrypted, what the impact to the organization is and what options they can offer management for resolving the attack (e.g., pay the ransom or recover the data as it was prior to the encryption within X amount of time with X data loss). The tabletop exercise should allow discussion on all topics, such as what is impacted technically, communications requirements and resolution options. Once you discuss the exercise topics, document the process to respond to the ransomware attack. Should one occur, you’ll have a methodical process to follow.

Test your employees’ skill at recognizing emails that may contain ransomware: Use software that can simulate and distribute emails that look like genuine requests from a customer but are in reality attack emails, so that you can understand the areas of exposure internally. Initiate the emails in a testing mode.