Ransomware is a major digital threat facing our community. Ransomware is a cyber attack in which a criminal gets their software onto your device or network; that software then encrypts all of your data and locks you out of your devices. This leaves you without access to your devices, without access to your data, and, critically, it releases your data to an unknown third party. The criminals then claim to hold the decryption key that can release your devices and data, but they will only provide it if payment is made... hence the name ransomware.
Realising that you are the victim of a ransomware attack is stressful for any organisation, but before you rush to the bank, there are a few things to consider...
Assess the impact of the attack on your business.
How can your business adapt to be able to operate while the attack is ongoing?
What data has been compromised?
Consider taking legal advice. Do you need to disclose the data leak to the Information Commissioner's Office (ICO)?
What is the financial impact of not paying? Consider business disruption, security improvements, staff overtime, legal expenses, penalties.
How are your staff affected? Stressful situations can affect your staff's mental health, so ensure welfare is continually considered throughout recovery.
Be aware that paying does not guarantee access to your devices or data.
Remember that you are dealing with criminals: there is no guarantee that they will hold up their end of the bargain.
Even if they do supply a decryption key, it can take a long time to get your systems back in order.
Reverting to a previous backup may end up being more efficient.
Paying the criminals does not count as risk mitigation, and the ICO does not consider it to reduce any penalty due.
Report the incident to UK authorities.
Use this link to find out which government organisation is best to report the incident to: https://gov.uk/report-cyber.
Contact your local CRC (SWCRC) for support with signposting to NCSC advice and to local trusted partners who can help you.
If you haven't already, action the SWCRC's beginner-level cyber resilience guidance (Join Our Community).
Get Cyber Essentials (CE) certification. Consider Cyber Essentials Plus (CE+), which requires a physical audit of your cyber resilience.
Check to see if your supply chain is CE or CE+ certified. Consider changing suppliers or recommending CE to them.
The NCSC has a full list of considerations, which you can see here: https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents.