The number and cost of ransomware attacks continue to rise. And yet, many organizations resist involving law enforcement in ransomware response. Some fear that involving law enforcement will highlight the attack and negatively affect business reputation. Others worry that investigator demands will distract from recovery efforts.
However, reporting ransomware attacks can prove beneficial both for the reporting organization and for the general fight against cybercrime. Additionally, in some cases regulatory compliance and insurance mandates may require that organizations alert law enforcement.
When thieves steal money from the cash register or vandals destroy company property, business representatives contact the police as a matter of course. With ransomware, the choice of whether to report and whom to call is more complex.
To begin with, since ransomware often involves state-backed cyberattacks, local authorities may have no jurisdiction. In addition, investigating cyberattacks requires specialized technology and skills that many agencies do not possess. And it can prove difficult to immediately determine whether an actual data security breach has occurred.
The ransom demand itself adds further wrinkles. While the FBI and other agencies strongly discourage paying ransoms, sometimes businesses feel they have no choice. But ransom payments do not guarantee data recovery and may actually increase the chance the organization will suffer another attack.
While some organizations may hesitate to report a ransomware attack to authorities, involving law enforcement brings several key benefits, including:
In the event of a ransomware attack, organizations must act quickly. Know ahead of time which agencies to contact and how to reach them. In most cases, the local FBI field office represents a good place to start. Additionally, report the incident to the FBI’s Internet Crime Complaint Center. The agency does not release that information to the public.
Local authorities will typically offer only limited investigative resources. But in some cases, your state’s data breach notification laws may require that victims notify a state agency or a consumer protection agency.
While ransomware victims should report incidents immediately to law enforcement, this forms just one piece of a comprehensive response. Take time before an incident occurs to create an incident response plan. This plan will include steps to identify, contain and eradicate the threat. It will also involve communication plans and recovery procedures.
The cybersecurity experts at eMazzanti stand ready to assist organizations in identifying security risks and implementing strategies to prevent ransomware. They will help you build an incident response plan to address threats proactively, minimizing the possible damage.