Ransomware attack! The word is likely to send a chill down the spine of every member of management and IT staff in an organization. The consequences of a ransomware attack are often devastating and, in the worst case, can threaten the very existence of a company. Since the beginning of the year, numerous companies and public organizations have once again been affected and have had to cope with the serious consequences. Recently, the renowned Lürssen shipyard made headlines after it was revealed that it had fallen victim to a ransomware attack.
This blog post addresses the (typical) causes and effects of ransomware attacks, as well as the measures that those responsible should take immediately after becoming aware of the incident. The focus is on data protection aspects and other measures that can help manage the crisis and minimize the risk of further incidents.
Ransomware, what is it?
Attackers often use phishing campaigns (fake emails designed to trick users into entering their data) to obtain user data and passwords to prepare for the attack. This often occurs some time before the actual ransomware attack. The attackers then use additional tools (e.g., malware) and exploit system vulnerabilities to compromise privileged user accounts with extensive permissions (admin accounts) and access and encrypt the organization’s (sensitive) data. To prevent the affected organization from restoring data using backups, the attackers first delete or encrypt the backups. Only then is the data on the production systems encrypted. Increasingly, attackers extract large amounts of data or sensitive data before encrypting the data and leaving a blackmail message.
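The order of events described above (privileged account compromise, data extraction, backup deletion, then encryption of production data) can be used as an early-warning correlation. The following is an added example, not part of the original post; the event schema, event type names, accounts and hosts are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed, normalized events (hypothetical schema; real field names depend on your log source).
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T02:10:00", "host": "fs01", "account": "adm-jdoe", "type": "priv_logon"},
    {"ts": "2024-03-01T02:25:00", "host": "fs01", "account": "adm-jdoe", "type": "bulk_outbound"},
    {"ts": "2024-03-01T03:05:00", "host": "bkp01", "account": "adm-jdoe", "type": "backup_delete"},
    {"ts": "2024-03-01T03:40:00", "host": "fs01", "account": "adm-jdoe", "type": "mass_file_write"},
    # Scheduled retention job: backup deletion by a service account with no privileged logon.
    {"ts": "2024-03-01T09:00:00", "host": "bkp01", "account": "svc-backup", "type": "backup_delete"},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def correlate(events, window=timedelta(hours=24)):
    """One alert per backup deletion preceded by a privileged logon of the same account."""
    events = sorted(events, key=lambda e: parse(e["ts"]))
    alerts = []
    for i, ev in enumerate(events):
        if ev["type"] != "backup_delete":
            continue
        t = parse(ev["ts"])
        # Earlier events by the same account inside the look-back window.
        prior = [e for e in events[:i]
                 if e["account"] == ev["account"] and t - parse(e["ts"]) <= window]
        if not any(e["type"] == "priv_logon" for e in prior):
            continue  # no preceding privileged logon: not the pattern described above
        # First mass file modification by the same account after the backup deletion.
        later = [parse(e["ts"]) for e in events[i + 1:]
                 if e["account"] == ev["account"] and e["type"] == "mass_file_write"]
        alerts.append({
            "account": ev["account"],
            "backup_host": ev["host"],
            # Outbound bulk transfer before the deletion suggests data was extracted first.
            "exfil_suspected": any(e["type"] == "bulk_outbound" for e in prior),
            "minutes_until_encryption":
                int((later[0] - t).total_seconds() // 60) if later else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

An alert raised at the backup-deletion stage arrives before production data is encrypted, and the `exfil_suspected` flag records whether data extraction has to be considered when the incident is assessed.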
What should be done
Ideally, your organization has taken precautions and developed an emergency plan for such scenarios. In this case, the responsible persons should be informed immediately, and the emergency plan protocol should be followed. However, the reality, especially in medium-sized businesses and public bodies, is often quite different. Therefore, the following describes various measures that should be implemented from a data protection perspective and can help limit the damage to the organization and those affected.
1. Keep calm
IT managers (information security officers, IT direc immediately (if they haven’t already). The same applies to affected backup systems. Infected devices should be disconnected from the network immediately to prevent further infection and encryption. Logging in with privileged user accounts (administrator accounts) on a potentially infected system is strongly discouraged!
2. Restore work capacity
The primary goal is to restore operational capability and encrypted data records as quickly as possible. To achieve this, it will first be important to analyze the extent to which existing backups can be used, whether decryption is possible using alternative methods, or whether a completely new IT infrastructure must be set up.
3. Inform the data protection officer
If a data protection officer has been appointed, they should be informed of the incident immediately. As a rule, a ransomware attack constitutes a data protection breach that poses risks to the data subjects and must be reported to the responsible supervisory authority within 72 hours in accordance with Art. 33 GDPR. However, this always depends on the specific individual case and should therefore be assessed by the data protection officer. A delayed report can have drastic consequences, so early involvement of the data protection officer is extremely important. This is also demonstrated by the recently announced fine of almost €220,000 from Norway (we also reported on this topic here). It is also important to examine whether the ransomware attack also poses a high risk to the data subjects. In this case, in addition to reporting to the responsible supervisory authority, the data subjects must also be notified.
4. Form a crisis team
A crisis team with appropriate staffing should be formed to coordinate the entire crisis management effort. Furthermore, the data protection officer should be involved in planning the alternative communication structure.
5. Develop a communication strategy
Develop a clear and consistent communication strategy for internal and external communications. This is extremely important for handling the incident professionally.
6. File a report
It is therefore advisable to file a report immediately. The responsible investigative authorities can provide valuable input in clarifying the attack and the perpetrators’ usual modus operandi. If the attacker group is already known, the investigative authorities often also take over screening the dark web for possible data leaks. Information on the police’s Central Cybercrime Contact Points (ZAC) can be found here.