Don't Let Ransomware Ruin Your Day

Mark Arnold

Ransomware remains an evolving threat, and being prepared with a solid incident response (IR) plan is crucial for any organization, especially financial institutions. When ransomware strikes, the clock starts ticking, and every minute counts. One of the most critical aspects of a successful response is ensuring that communication channels are clear and all necessary parties are informed.

The Importance of Incident Response Communication

In a recent ransomware notification scenario, our regional DHS office closed the case, noting that it fell under federal agency jurisdiction. This highlights a common challenge: knowing which agencies are responsible for different aspects of cyber incidents. If you are not prepared, the time lost sorting out these details can be detrimental to mitigating the threat. Therefore, one of the most important elements of a response plan is knowing which entities to contact and having those relationships established ahead of time.


Here are a few steps to ensure effective communication and a well-coordinated response:

Define a clear communication strategy internally and externally. Ensure that your incident response team knows who to contact and when. Identify key stakeholders—both inside and outside your organization—that need to be alerted when ransomware is detected.

In many ransomware incidents, contacting local FBI offices is critical. They are often the first point of contact for cyber-related crimes and can guide you through immediate steps. Additionally, resources such as the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) may come into play. However, knowing the specific jurisdiction of each agency can save valuable time. For example, regional DHS offices might escalate certain cases to federal agencies, as we experienced. Be prepared for these nuances in jurisdiction.

Cyber insurers can provide immediate advice, but they may not always be in sync with federal or local authorities. They often have their own incident response protocols, which may differ from law enforcement or government agency processes. Understanding these differences in advance can prevent confusion and delays.

Establish contact with local cybersecurity organizations and law enforcement. The National Cyber-Forensics & Training Alliance (NCFTA) and platforms like nomoreransom.org can provide tools to help decrypt files or recover data without paying the ransom. Involving local resources early can help you avoid gaps in communication and response.

Credit unions, in particular, should keep an eye on cybersecurity advisories from their CORE vendors. These vendors often release crucial information on ransomware threats targeting financial institutions. Being part of information-sharing groups like the National Credit Union Information Sharing & Analysis Organization (NCU-ISAO) can ensure that you are always updated on the latest threats and solutions.

One of the best proactive measures is joining groups such as the NCU-ISAO or broader ones like the National Council of ISACs (Information Sharing & Analysis Centers). These organizations provide early warnings, best practices, and information on emerging threats. They also serve as conduits to law enforcement and federal agencies, helping to ensure that your response is swift and well-informed.


Conclusion

A well-coordinated ransomware response hinges on your communication strategy. Knowing who to contact, understanding which agencies are responsible, and leveraging local resources can prevent missteps. For credit unions, staying plugged into advisories from CORE vendors and participating in information-sharing groups like the NCU-ISAO can ensure that you are always prepared when ransomware strikes. Time is of the essence during a ransomware attack, and having a clear, predefined response plan can make all the difference in protecting your organization’s data and reputation.


©2024 Lares, a Damovo Company | All rights reserved.
