In part two of our Chattinn Cyber with host Marc Schein, our guests, Sherri and Michael, continue talking about ransomware. They start with the question of whether or not you should actually pay the ransom. Sherri recommends making sure you have backups. Have a plan to resecure your data even if you have to engage with the hackers. From the legal side, Michael recommends contacting law enforcement—but not the local police. These days, the FBI works really hard to help. It also helps to have built a relationship with federal police ahead of time. Sherri suggests looking into community partnership programs that have sprung up recently.
Regarding police takedown, Sherri explains that some leading ransomware gangs have recently been taken down, including Emotet. Emotet was one of the leading technological threat distributors. With Emotet on your computer, all your information could be stolen within 15 minutes. And then they could simply nuke it all with the Ryuk ransomware. Members of that very gang have been arrested. Emotet will uninstall itself by April of this year.
A lot of repair software may actually be working as malware itself. It’s absolutely vital to have expert help at every step of the way.
Sherri finishes the episode by giving a few key things to watch out for to protect yourself from ransomware:
- Exposed remote login credentials.
- Email phishing.
- Software vulnerabilities.
She recommends using two-factor authentication and a VPN. Be sure to train users to think before they click. Michael urges you to do your due diligence, assuming there is risk. Get ahead of the proliferation of ransomware attacks.
- Ask for proof of life if you’re going to pay the ransom on your data.
- Knowing who to contact is important.
- An advisory can help to organize your response to hackers.
- There are downsides to getting your ransomware payments insured.
- You must treat any threat as a potential data breach.
- “There’s nothing new here from a legal perspective.” – Michael (13:00)
- “We actually have seen takedowns of ransomware-as-a-service gangs.” – Sherri (22:00)
- “You have to assume that there may have been data stolen.” – Sherri (24:50)
- “You cannot figure out what the breach is without the technology side.” – Michael (26:00)
- “The second you start a letter-writing campaign, you have to be mindful of the fact that you’re creating a record for court.” – Michael (33:10)