Recovery can be faster and easier if a company understands and prepares for the full impact of a ransomware attack. Leaders, however, are often unprepared, particularly regarding the critical communications required to notify and instruct all stakeholders impacted by an attack. Leaders must reconsider their approach to ransomware and extortion.
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Communication is Key to Addressing Ransomware and Extortion.pdf
1. 6/21/22, 6:38 PM Communication is Key to Addressing Ransomware and Extortion
https://itsecuritywire.com/featured/communication-is-key-to-addressing-ransomware-and-extortion/ 1/2
Communication is Key to Addressing Ransomware
and Extortion
Recovery can be faster and easier if a company understands and prepares for the full impact of a ransomware
attack. Leaders, however, are often unprepared, particularly regarding the critical communications required to
notify and instruct all stakeholders impacted by an attack. Leaders must reconsider their approach to
ransomware and extortion.
A traditional approach to a ransomware attack is generally focused entirely on a technical assessment. However,
ransomware’s consequences stretch far beyond security housekeeping and a system reboot. There is sometimes a
disconnect between what needs to be done and conveyed within the organization and existing incident response
plans. Leaders must understand that ransomware is a business risk, not just a cybersecurity one, and they must
take the appropriate actions properly to deal with any crisis.
Ransomware Strategies Evolve
Although ransomware has been here for a long time, the strategies and objectives of threat actors have recently
evolved. They sometimes choose targets based on political considerations rather than monetary gain. Due to the
ideological divide, many underground players have called for the return of ransomware threat groups to the
mainstream underground and targeting entities, particularly in government, banking, and critical infrastructure
industries.
New Strategies Open the Door
New threat actors are also bringing new ideas and methods to the table. Some attacks, for example, are more
devastating than disruptive, deleting or causing damage to backups. This nullifies Plan B and makes it more
difficult for a compromised target to recover. It can also harm a company’s reputation and credibility.
Access to “plug-and-play” technologies, such as Ransomware-as-a-Service (RaaS) products that can be readily
purchased on the Dark Web and deployed, makes life easier for threat actors. There’s also great interest in network
access sales, wherein hackers sell a shortcut to a hacked network to smart and experienced threat actors for a
fee.
By Prangya Pandab - June 20, 2022
2. 6/21/22, 6:38 PM Communication is Key to Addressing Ransomware and Extortion
https://itsecuritywire.com/featured/communication-is-key-to-addressing-ransomware-and-extortion/ 2/2
One of the emerging flavors of ransomware is extortion, wherein threat actors launch a public, corporate
disinformation campaign targeted at undermining confidence and public faith in a company.
When an organization refuses to pay a ransom, threat actors directly approach individuals whose information has
been stolen. As a result, companies may have to protect themselves against a broader ecosystem of stakeholders
while dealing with cyber challenges and getting their business back up and running.
Also Read: Safeguarding the Organization Against Ransomware and Cyber Extortion
According to Accenture’s “2021 Cyber Threat Intelligence Report,” there was a year-over-year increase of 107
percent in ransomware and extortion attacks and a 33 percent increase in intrusion volume from extortion and
ransomware. These increasing threats put a strain on traditional crisis management, highlighting the significance
of coordinated communications and planning.
Bridging the Communication Gap
When all aspects of a company work together, the entire company benefits. Tabletop exercises are common
among cybersecurity professionals, but they should be expanded to include executive-level exercises. This allows
businesses to test their security against a ransomware attack in front of their stakeholders, simulating the
intensity and risk of a “real-life” attack.
An organization’s recovery can be hampered if it takes an uncoordinated first step. Companies can prevent the
domino effect by defining a playbook and providing a clear plan for the entire business, directed by the C-suite.
Maintaining regular cybersecurity patching hygiene processes and incorporating an intelligence-driven strategy to
attack surface management and vulnerability programs are critical to averting ransomware. To be more resilient,
businesses must better understand their internal reporting duties and operate in a thoughtful, transparent, and
factual manner.
For more such updates follow us on Google News ITsecuritywire News
Prangya Pandab
https://itsecuritywire.com/
Prangya Pandab is an Associate Editor with OnDot Media. She is a seasoned journalist with almost
seven years of experience in the business news sector. Before joining ODM, she was a journalist with
CNBC-TV18 for four years. She also had a brief stint with an infrastructure finance company working for
their communications and branding vertical.