Protecting Your Company From Ransomware Using Law and Technology

First, it’s important to understand what “ransomware” is. Ransomware is computer malware (a malicious program) that installs secretly on a person’s computer, executes a cryptovirology attack (installs a virus) that harms the computer or data on the computer, and demands a ransom payment to restore it. More advanced programs actually encrypt the victim’s files, which makes them unreadable, and demand payment to decrypt them.

The history of ransomware started around 2005 with the first known attack using a program called “Gpcoder”. Since then, the use of ransomware has increased exponentially.

What is the best way to defend against a ransomware attack?

  • Prepare in advance
  • Run the appropriate anti-virus software on all critical systems
  • Ensure that data is backed up onto computers not connected to your critical systems

What can an executive do to prepare their company for a ransomware attack?

  • Annual, semi-annual, or quarterly security assessments are critical. These should be conducted more often based on a company’s risk profile. Use a dynamic approach such as multiple vendors and stagger the assessments.
  • Establish a solid relationship with the company’s CISO (Chief Information Security Officer)
  • Carry out all procedures required by the CISO and make sure there is company-wide compliance.
  • Include the CISO on important company initiatives in order to make sure new businesses are prepared for a ransomware attack.
  • Search out and establish relationships with peers in order to gather information about how others are preparing.
  • The board and senior executives must put in place a ransomware response plan and practice it regularly with war-games.

Company culture is also critical. There must be a security-conscious culture adopted by at least the following stakeholder groups:

  • Board of directors and senior management
  • The company security organization
  • The broader IT organization
  • Across the entire company staff

Adequate knowledge of the company’s critical data is needed from senior management and the IT department.  Legal, risk, and compliance teams should work with the IT department to understand exactly what data is backed up, what data is business-critical, and what will happen to ensure critical data can be restored after an attack.  Continuous testing of the backup and recovery plan is essential.

Consulting with qualified third parties is another essential step to thwart ransomware attacks and prepare to respond to them.  Bringing in consultants to do thorough cybersecurity preparedness training and analysis is important.  Specifically:

  • Hire a consultant to provide an independent review of the overall readiness of the organization and its plans.
  • If you have counsel, hire them for the review and tie it to a legal compliance assessment, so that the initial report is privileged.
  • Pick highly qualified consultants and counsel, make sure to check references, and make sure these professionals can provide good feedback and advice to the IT team, and the legal, risk, and compliance departments as well.

Following these procedures can protect your company and, in the case of a ransomware attack, provide a strong plan for response and recovery.