Help! I've Been Ransomed

15 May 2017

In recent days the world has witnessed its first global and coordinated ransomware attack. Unprecedented in scale, the ransomware has successfully targeted everything from UK hospitals and European transport and infrastructure systems to Chinese universities and Russian banks.

For organisations that have carried out thorough Cyber Security assessments and implemented a suite of Cyber Security measures, the threat posed by this ransomware will be minimal. After all, ransomware is one of the most common cyber-attacks. Being ransom-aware and having a ransom plan in place as part of a wider Cyber Security strategy will help organisations navigate any challenges in the event they are breached.

But what about those organisations who don’t yet have a Cyber Security strategy and find themselves vulnerable to this kind of ransomware attack? In this instance, speed is of the essence and implementing the following high-level steps will help make all the difference:

  1. Establish your incident response team. You will need stakeholders from all areas of the business: C-level, IT, legal, PR and even external advisers. Preparation is key here as you can lose valuable hours against the ransom clock in just preparing your team.
  2. Work with your IT team to understand what data backups you have in place, and when the last transfer of data was made. For example, if data was last backed up a month ago, then the organisation will have lost that month's worth of data. This will also be a major factor in deciding how to respond to the ransom.
  3. Contain the situation internally and have your media response ready. During Friday’s NHS attack hundreds of employees took to Twitter posting screenshots of the ransomware on their computers; a reputational nightmare that also risks inviting further attacks.
  4. Notify employees of what's happening and ask them to be extra vigilant, especially when clicking on links and opening e-mail attachments. Bear in mind that having been infected with ransomware, your organisation is at its most vulnerable.

As with most things cyber-related, preparedness is the ultimate key to both thwarting and dealing with a cyber-attack. While some successful attacks will take advantage of technical weaknesses, the vast majority are the result of human vulnerabilities. Creating a Human Firewall by training your staff on common Cyber Security threats will help prevent most forms of ransomware. Furthermore, in the event of a successful breach, a robust human defence will ensure a robust organisational response.

About the Author

Paul Price

Senior Associate, Cyber

Paul is a passionate and trusted cyber security professional specialising in advising some of the world's most influential people, protecting their businesses and reputations from the latest cyber threats.


© 2020 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.
