“I’ve been infected by Ransomware… What do I do?” 

By Nick Ashton

Following the recent publication of guidance by ABI, BIBA, IUA and the NCSC on being hit with ransomware, including their stance on paying, we have reviewed the article and added our own experience of handling ransomware attacks, including negotiations with threat actors. The result is this step-by-step plan to help you remain calm, mitigate operational damage and guide your organisation through this difficult moment.

  1. Don’t Panic: Take time to assess the situation and review options before making any decisions.
  2. Review Alternatives, Including Not Paying: Explore alternatives such as backups or decryption keys from third parties before considering payment.
  3. Record Decision-Making: Maintain a careful record of incident response, decisions made, and actions taken for post-incident review and regulatory purposes.
  4. Consult Experts: Seek advice from objective external experts such as insurers, law enforcement, or cyber incident response companies.
  5. Involve the Right People: Ensure that decisions involve relevant stakeholders across the organisation, including technical staff.
  6. Assess Impact: Understand the impact on business operations, data security, and financial costs before deciding whether to pay.
  7. Investigate Root Cause: Determine the source of the compromise and take mitigation actions to prevent future attacks.
  8. Be Aware of Limitations: Understand that payment does not guarantee immediate access to devices or data.
  9. Consider Legal and Regulatory Implications: Evaluate legal and regulatory considerations before making any payments.
  10. Report the Incident: Organisations should report ransomware attacks to UK authorities to receive support and potentially mitigate regulatory penalties.

NorthCap Cyber’s Managing Partner Samuel Brown offers his views in addition to the guidance above:

“This concise advice is truly valuable, even for the larger organisations out there. The article is well worth a read for anyone who plays any role in incident response planning or in making decisions when the proverbial hits the fan.

One element that really stands out to me is the points made on recording everything you do whilst dealing with the incident at hand. From experience, it is the first thing that companies neglect – to their cost. Keeping a log of decisions made, who made them, how they were reached, is all critical to feeding into lessons learned, and can help to provide order and structure to what can feel like complete chaos in a real-world scenario.”

Samuel Brown
Managing Partner

If you are reading this and feel that your organisation is not prepared to handle a ransomware incident effectively, contact us. We work with organisations around the globe to prepare proactively for cyber-attacks, so that they can effectively detect, respond to, and recover from incidents such as ransomware and minimise fines, lost revenue, and reputational harm.

The full article referenced can be accessed here: https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents
