Home Involving Law Enforcement in Ransomware Response Improves Security for All
Articles

Involving Law Enforcement in Ransomware Response Improves Security for All

The number and cost of ransomware attacks continues to rise. And yet, many organizations resist involving law enforcement in ransomware response. Some fear that involving law enforcement will highlight the attack and negatively affect business reputation. Others worry that investigator demands will distract from recovery efforts.

However, reporting ransomware attacks can prove beneficial both for the reporting organization and for the general fight against cybercrime. Additionally, in some cases regulatory compliance and insurance mandates may require that organizations alert law enforcement.

Unique Challenges of Ransomware

When thieves steal money from the cash register or vandals destroy company property, business representatives contact the police as a matter of course. With ransomware, the choice of whether to report and whom to call is more complex.

To begin with, since ransomware often involves state-backed cyber-attacks, local authorities may have no jurisdiction. In addition, investigating cyber attacks requires specialized technology and skills that many agencies do not possess. And it can prove difficult to immediately determine whether an actual data security breach has occurred.

The ransom demand itself adds further wrinkles. While the FBI and other agencies strongly discourage paying ransoms, sometimes businesses feel they have no choice. But ransom payments do not guarantee data recovery and may actually increase the chance the organization will suffer another attack.

Benefits of Involving Law Enforcement in Ransomware Response

While some organizations may hesitate to report a ransomware attack to authorities, involving law enforcement brings several key benefits, including:

    • Sophisticated cyber investigation tools – Because agencies like the FBI have devoted teams specifically to fighting cybercrime, they have access to innovative resources unavailable to many organizations.
    • Ability to leverage inter-agency relationships – In addition to investigative tools, law enforcement agencies can coordinate with their partners internationally. These relationships aid both in locating stolen data and in identifying and apprehending cyber criminals.
    • Authority to issue subpoenas – Ransomware often travels through the supply chain. The FBI can issue warrants to gather critical data from third parties that may also be affected by the attack. Linking related attacks and developing a more complete picture increases the odds of finding the perpetrator.
    • Wealth of information about bad actors and current threats – Over years of cyber investigations, law enforcement has gathered deep knowledge of threat actors and ransomware variants. They may even have a decrypter on hand to help victims recover their data without contacting the attacker.
    • Improving security for all – As ransomware victims report attacks, the information helps law enforcement develop a clear picture of current threats and how to approach them. Typically, a single ransomware attack represents part of a much bigger picture. Putting the puzzle pieces together helps everyone.

How to Report a Ransomware Incident

In the event of a ransomware attack, organizations must act quickly. Know ahead of time which agencies to contact and how to reach them. In most cases, the local FBI field office represents a good place to start. Additionally, report the incident to the FBI’s Internet Crime Complaint Center. The agency does not release that information to the public.

Local authorities will typically offer only limited investigative resources. But in some cases, your state’s data breach notification laws may require that victims notify a state agency or a consumer protection agency.

Law Enforcement in Ransomware Response Just Part of Incident Response Plan

While ransomware victims should report incidents immediately to law enforcement, this forms just one piece of a comprehensive response. Take time before an incident occurs to create an incident response plan. This plan will include steps to identify, contain and eradicate the threat. It will also involve communication plans and recovery procedures.

The cybersecurity experts at eMazzanti stand ready to assist organizations in identifying security risks and implementing strategies to prevent ransomware. They will help you build an incident response plan to address threats proactively, minimizing the possible damage.

Download Article PDF

Free Cyber Security Assessment

The time is NOW to begin planning your Cyber Security Strategy

LEARN MORE

Understanding the Cyber Kill Chain

ebook

DOWNLOAD

Ransomware in the Cloud

Video/Conference

WATCH THE VIDEO

 

Cloud Services New York City

Share
Published by
Cloud Services New York City
Tags: Cybersecurity TipsRansomwareRansomware Attacks
3 years ago

Recent Posts

Top 5 Collaborative Tools in Microsoft 365 Drive Productivity and Innovation

In today’s fast-paced digital landscape, businesses cannot thrive without effective collaboration. Microsoft continues its unwavering…

17 hours ago

7 Essential Contact Information Tips for Email Signatures to Enhance Your Professional Image

An email signature accomplishes much more than simply telling readers who you are and how…

1 week ago

Maximizing Threat Response Efficiency with Security Copilot

Cyber security professionals work hard to safeguard companies’ information. But with criminals constantly changing their…

2 weeks ago

Why should a firm use DMARC? What is the need?

Domain-Based Message Authentication, Reporting, and Conformance (DMARC) is an e-mail security protocol designed to validate…

3 weeks ago

eCare Cloud Backup is in fashion. It’s the new you!

My job is to manage my law office’s cloud servers here at Justice Freaks.  As…

4 weeks ago

I Think I’m Dating an AI

My worst nightmare would be to date someone who isn’t who they say they are.…

4 weeks ago