Responding to Ransomware: Police, Pay, or Panic?

ransomware response plan
In today’s digital landscape, the threat of ransomware looms large, posing a significant risk to businesses and organizations of all sizes. Ransomware, a malicious form of cyber attack, can swiftly encrypt critical data and hold it hostage until a ransom is paid. These attacks can disrupt operations, compromise sensitive information, and inflict financial losses. In the face of this evolving threat, having a robust ransomware response plan is imperative.

At Cumulus, we understand that responding to ransomware is complicated.  With the continuing increase of successful cyber attacks against small businesses, we hear a lot of debate on two aspects of your ransomware response to a successful attack.

  • Should you contact law enforcement?
  • Should you pay the ransom?

Both of these questions have pros and cons. How and when you answer these questions can have a long-lasting impact on you and your business. Read on to learn about top ransomware response plans, how to prevent a ransomware attack, and other vital information to keep you and your business safe.

Ransomware Incident Response Strategies

Involving Law Enforcement

The debate about if and when to contact law enforcement often centers around what happens after law enforcement gets involved.  Typically, you would contact your local police department which, in turn, would contact the cyber crimes unit of your state police (if your state has one) and/or the FBI. You can also report a ransomware attack directly to the FBI or the Cybersecurity and Infrastructure Security Agency (CISA).

The biggest risks to involving law enforcement are the effects of a criminal investigation. You may not be able to repair and rebuild your systems until a forensic investigation is complete. In some cases, your computers may be considered evidence as part of a criminal investigation. By delaying your access to your computers, these actions can disrupt your ability to recover those systems.

The biggest advantages to involving law enforcement is the assistance the cyber security agencies can provide during the investigation and recovery. The FBI Cyber Division, CISA, and the National Cyber Investigative Joint Task Force can help identify the specific attack. For known variants, they often have valid decryption keys.  If involved quickly enough, the FBI and other agencies have a history of recovering at least some ransoms and thefts (e.g. the Colonial Pipeline incident).

If you have cyber insurance, you may not have a choice about reporting the attack to law enforcement.  Your carrier may require you to involve law enforcement as a condition for processing your claim. Your insurer may also mandate a forensic analysis to fully understand the scope of the attack and the necessary steps to recovery.

Paying the Ransom

Responding to ransomware, you want to move quickly and correctly. Wiping and rebuilding systems, restoring your data from backups, and recreating missing or damaged data takes time and money. Decrypting the data can be faster and easier.  Paying the ransom is tempting. Your insurance carrier may also pressure you to pay the ransom to lower the cost of the claim.

Before you pay a ransom, consider the following:

  • As noted above, law enforcement may already have decryption key;
  • It is a funding mechanism for hackers to carry out future and repeated attacks;
  • Paying a ransom does not guarantee you will receive a decryption key;
  • Even with the decryption key, you may not be able to recover all of your data;
  • Attackers will often demand additional payments to prevent the release of stolen information; and
  • Paying the ransom is likely to be a federal crime as it may be funding hostile nations, terrorism, human tracking, or child exploitation.

To the latter point, paying ransom to an organization or government on a sanctions list, including those tied to terrorist activities, violates US law (18 USC 2339A, 2339B, 2339C). In October of 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a warning that “Ransomware Payments with a Sanctions Nexus Threaten U.S. National Security Interests” and could result in civil and criminal actions.

Recommended Actions For a Ransomware Response

When responding to ransomware, you will need to work with your cyber insurance carrier. Contacting law enforcement early is more likely to help your recovery than hinder it.

  • Additional expertise
  • Simultaneous investigation/forensics with your insurer
  • The possibility of known decryption keys for your ransomware variant
  • The ability to cover lost or stolen funds
  • The potential identification of the source of the attack

These benefits can mitigate the damage and help speed recovery.

Paying the ransom should always be a last resort. To avoid violating US law and facing the risk of criminal charges or civil sanctions, paying a ransom should not be done without consulting law enforcement.

For more information about cyber security and protecting your business, visit our Resource Center, or schedule an introductory call with one of our Cloud Advisors.

 

Cumulus Global Receives Inc.’s Inaugural Power Partner Award

2022 Inc. Power Partner AwardNew award highlights B2B partners that support startups across all business functions and empower growth

WESTBOROUGH, MA, November 22, 2022 – Cumulus Global is honored to be recognized by Inc. Business Media with a listing on the inaugural Power Partner Award list. The awards honor B2B organizations across the globe with proven track records supporting entrepreneurs and helping startups grow. The list recognizes 252 firms in marketing and advertising, health and human resources, technology, finance, and security, and other areas of business.

“We are proud of the recognition in both the Cloud Computing and IT Management and Systems categories,” stated Cumulus Global CEO Allen Falcon. “Our team deserves the credit. The Power Partner Award recognizes our team’s consistent focus on quality services and impactful business results.”

All 252 companies received top marks from clients for being instrumental in helping leadership navigate the dynamic world of startups. These B2B partners support entrepreneurs across various facets of the business, including hiring, compliance, infrastructure development, cloud migration, fundraising, etc., allowing founders to focus on their core missions. 

“Trusted B2B partners provide guidance and expertise that founders rely on at various steps of their organization’s journey. Partners that possess a demonstrated ability to deliver quality support are at the core of entrepreneurship and help bring big ideas to life,” says Scott Omelianuk, editor-in-chief of Inc. Business media. 

Cumulus Global has helped over 1,500 small and midsize organizations move core productivity services into Google Workspace and Microsoft 365. By understanding clients’ business objectives, Cumulus Global helps companies drive efficiencies and growth by leveraging secure, managed, cloud services and solutions. Cumulus Global services businesses, from solopreneurs and family-owned businesses to fast-growth startups and mature enterprises across multiple industries and markets.

About the Power Partner Awards

Inc. partnered with leading global social and media intelligence platform Meltwater to develop a proprietary methodology that uses sentiment from online conversations about organizations and translates it into numerical scores. Judges evaluated companies on commitment, reliability, trust, creativity, supportiveness, and other virtues that offer value to clients. Inc. gathered client testimonials as part of the process. 

To view the complete list, go to: https://www.inc.com/power-partner-awards/2022

The November 2022 Issue of Inc. magazine is available online now at https://www.inc.com/magazine and on newsstands.

Read more