Protecting Your Networks, and Your Brand: How to Avoid and Respond to Ransomware Attacks
May 19, 2017
Robert P. Silvers, Behnam Dayanim, and Adam M. Reich
Days have passed since enterprise and personal computing devices were first held hostage around the world by the aptly-named “WannaCry” ransomware, and a “second wave” attack may not be far off.
Ransomware is daunting, but make no mistake: it is preventable. Below we outline how to protect your company, and how to respond if attacked.
What is Ransomware?
Ransomware is digital malware that locks a computing device, preventing the user from accessing data contained on the device until a ransom is paid, usually in a cryptocurrency like bitcoin. Ransomware attacks have impacted desktops, laptops, servers, and cellular phones, and in the future we expect them to hit the many connected devices comprising the Internet of Things. WannaCry was just the latest form of ransomware to hit in recent years, but the episode was unsettling because of its unprecedented scale, with hundreds of thousands of computers being targeted simultaneously.
Defending Against Ransomware
There are five general strategies that companies should consider for defending against WannaCry and other prospective ransomware attacks.
Install patches quickly. Software developers regularly make patches available to close newly-discovered vulnerabilities, but they only work if companies install them. Companies, as a standard operating procedure, should install patches as soon as possible after they are released. Companies that do not do so risk exposing themselves to attacks, like WannaCry, that prey on already-known and fixable vulnerabilities. If companies fail to patch and suffer consequences that adversely impact customers or commercial partners, they may face liability for negligence. In March, Microsoft released a patch for its recent operating systems that closes the vulnerability exploited by WannaCry, and last weekend it released a patch for Windows XP, an older operating system that Microsoft generally no longer supports. Companies should install these patches immediately if they haven’t already done so.
Back up data. Corporate IT teams should back up critical data at regular and frequent intervals, so that even if data is locked up by ransomware, the company will be able to access copies elsewhere.
Deploy known threat signatures. Deploy antivirus and malware signatures associated with the WannaCry threat. The United States Department of Homeland Security’s cyber operations center has posted these signatures.[i]
Develop a ransomware incident response plan. Consult with knowledgeable professionals to formulate a ransomware incident response plan so that the company can quickly and effectively respond to any infiltration. Plans should include consideration of whether to pay ransom; whether and how to interact with law enforcement and regulators; ensuring processes to restore operations quickly; development of public relations and customer relations action plans; and coordination by the legal team to understand any contractual obligations or notification requirements that may be triggered, as well as the risk of litigation resulting from the attack.
Double down on employee training. Many ransomware attacks spread through phishing emails: unsuspecting employees click through and let the adversaries into the broader corporate network. Consider a policy that requires all employees with corporate email access to complete counter-phishing training and refresh it routinely.
Paul Hastings is available to counsel clients through these best steps to prevent ransomware, and to guide them through the incident response, litigation, commercial disputes, and regulatory investigations that can arise when attacks do occur.
[i] United States Department of Homeland Security, United States Computer Emergency Readiness Team, Alert (TA17-132A), Indicators Associated With WannaCry Ransomware (rev. May 17, 2017), available at https://www.us-cert.gov/ncas/alerts/TA17-132A.