The current global ransomware attack that’s playing havoc with more than 200,000 computers around the world has renewed focus on crisis management strategies for cyberattacks.
These situations involve hackers installing malicious software that encrypts the target’s data. The attack threatens the victim’s ability to operate—blocking services, transactions, access to records, and other functions. Typically, the hackers demand payment in the form of virtual currency such as Bitcoin, the international cryptocurrency, in return for unlocking the data. Ransom amounts are often relatively small, tempting the victims with expedience versus long and possibly fruitless data recovery efforts and criminal investigations. Under normal conditions, most victims would never consider negotiating with criminals, but the alternative can be to watch helplessly as your business grinds to a halt and your customers face enormous financial consequences.
Hackers want to get in and out fast. Our clients find that even restoring data from their own backup sources can take days. Some companies are paying the ransom, although they don’t want to talk about it, in order to recover data more rapidly. But it can take several business days to establish a Bitcoin account. If you have hospitals and physicians, for example, who can’t access patient records and images for days, then patient care and the related revenue streams are disrupted. Some businesses will choose to pay in spite of their misgivings. The situation is further complicated by the fact that many cyberinsurance policies prohibit ransom payments, which could trigger cancellation of coverage. It’s a risky call.
My advice to businesses:
- Recognize that everyone is vulnerable
- Backup your systems strategically
- Create a Bitcoin account and hope you never have to use it