Infected by Ransomware? Now What???

Jan 05, 2022

Today is another busy day with more emails than you have time for, but you are “in the zone” and have cleared more than half by lunchtime. Suddenly, after clicking a link on your screen, your keyboard is unresponsive and your computer is frozen! Confusion, fear, contempt, anxiety, and anger are now coursing through your mind and body. The only thing visible on the monitor is a lock, a timer, and a message requesting payment via cryptocurrency transfer to an unknown address. For those who have experienced, are currently experiencing, or will experience such a situation, this article is for you.

A typical victim unknowingly downloads an unknown software program from an online source, which then blocks access to files, the computer (hardware), and/or the wider system. If your system becomes inoperable or its function is severely damaged by an external attack, you have specific obligations to fulfill under Indonesian laws. However, in addition to complying with the legal obligations, there are also pragmatic commercial obligations to consider so that the business can recover appropriately after the ransomware attack. We list below a practical and logical approach that we have implemented successfully.

First – Isolate “Patient Zero”

As we are in a global pandemic, we are quite aware of the health protocols involved. In any infection scenario, the first task is to identify “Patient Zero.” It is crucial to identify the device that was first infected by ransomware, as that will be the starting point for identifying other “connected” devices that may have been infected by Patient Zero. With nearly everything now connected through wired or wireless networks, files can spread in the blink of an eye. You need to make sure that your Patient Zero is not infecting the rest of your devices. To prevent further spread of the ransomware throughout your network, isolate Patient Zero (and all infected devices) by disconnecting it from other devices and the network, and disable Wi-Fi by turning off the network router. Do not forget to run antivirus on your remaining devices to confirm the ransomware is no longer present.

Second – Triage the Infection

After isolating all of the infected devices, it is time to triage and assess the damage. This is a defining moment, as the magnitude of the damage will affect the strategy and tactics you take to address the attack. In most ransomware attacks, the most immediate and dominant concerns are the resumption of commercial activities and whether the ransom will be paid. The size of the infection will dictate the remedy that must be applied. On top of these concerns, Indonesian laws require that any organization operating a website, application, or any similar electronic system report any cyber incident caused by an external party, including ransomware, to the authorities if the incident causes the system to be inoperable as a whole or makes one of the system’s functionalities severely disrupted. If your system processes a person’s name, email, date of birth, or other personal information, you may have to notify them in writing.
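The first two steps above, finding Patient Zero and deciding which devices to isolate and which merely to scan, can be worked through from endpoint telemetry. The script below is an added example written for this article and is not the firm's own tooling. It parses a constructed log of ransomware indicators (ransom notes written, mass renames to an encrypted extension) and a constructed asset inventory of which hosts share a network segment or file share; none of the hostnames or timestamps come from the article. The host with the earliest indicator is treated as the working Patient Zero, every host with indicators goes on the isolation list in order of first infection, and uninfected neighbours of infected hosts go on the list of devices to scan with antivirus.

```python
from datetime import datetime

# Constructed sample telemetry (not from the article): one indicator per line.
# Format: ISO timestamp | hostname | indicator
SAMPLE_EVENTS = """\
2022-01-05T09:14:02 | FIN-PC-07  | ransom_note_written
2022-01-05T09:21:45 | FILESRV-01 | mass_rename_encrypted_ext
2022-01-05T09:12:30 | FIN-PC-07  | mass_rename_encrypted_ext
2022-01-05T09:40:11 | HR-PC-02   | ransom_note_written
2022-01-05T10:02:00 | HR-PC-02   | mass_rename_encrypted_ext
"""

# Constructed asset inventory (assumed, not from the article): which hosts are
# "connected" to which through a shared segment or file share.
SAMPLE_LINKS = {
    "FIN-PC-07": {"FILESRV-01", "FIN-PC-08"},
    "FILESRV-01": {"FIN-PC-07", "HR-PC-02", "FIN-PC-08"},
    "HR-PC-02": {"FILESRV-01"},
    "FIN-PC-08": {"FIN-PC-07", "FILESRV-01"},
    "MKT-PC-01": {"MKT-PC-02"},
    "MKT-PC-02": {"MKT-PC-01"},
}


def parse_events(text):
    """Turn the pipe-separated log into (datetime, host, indicator) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, indicator = (part.strip() for part in line.split("|"))
        events.append((datetime.fromisoformat(ts), host, indicator))
    return events


def first_seen_per_host(events):
    """Earliest ransomware indicator per host; hosts absent here are clean."""
    first = {}
    for ts, host, _indicator in events:
        if host not in first or ts < first[host]:
            first[host] = ts
    return first


def patient_zero(events):
    """The host whose earliest indicator is earliest overall is the working
    Patient Zero, the starting point for tracing connected devices."""
    first = first_seen_per_host(events)
    return min(first, key=first.get)


def triage(events_text, links):
    """Return the isolation list (infected hosts, earliest first), the scan
    list (clean hosts directly connected to an infected one) and a timeline."""
    events = parse_events(events_text)
    first = first_seen_per_host(events)
    infected = set(first)
    # Contact tracing: anything connected to an infected host is exposed and
    # must be checked with antivirus even though it shows no indicators yet.
    exposed = set()
    for host in infected:
        exposed.update(n for n in links.get(host, ()) if n not in infected)
    ordered = sorted(infected, key=first.get)
    return {
        "patient_zero": ordered[0],
        "isolate": ordered,
        "scan": sorted(exposed),
        "timeline": [(first[h].isoformat(), h) for h in ordered],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS, SAMPLE_LINKS)
    print("Patient Zero:", result["patient_zero"])
    print("Isolate now :", ", ".join(result["isolate"]))
    print("Scan next   :", ", ".join(result["scan"]))
    for ts, host in result["timeline"]:
        print(f"  {ts}  {host}")
```

Hosts that are neither infected nor connected to an infected host (the marketing machines in the sample inventory) stay off both lists, which keeps the disconnection limited to what the spread actually touched while still preserving a dated timeline for the incident report.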

Third – Prioritise Your Plan

The most challenging aspect of a ransomware attack is the feeling of a lack of control. The most effective relief for this feeling is to create a proactive strategy well in advance of any attack. Once you experience an attack, time is dictated by someone else. The ransomware sender sets a deadline for the payment of the ransom. Your customers are pushing for your goods or services. If data has been lost, you will need to restore files from older copies quickly to ensure business continuity. Indonesian laws require you to submit a report of the attack to the relevant government authority immediately, and to notify the affected individuals within 14 days of the attack. Failure to comply will subject your organization to various sanctions. In the midst of these competing concerns, a clear strategy identifying all relevant parties, obligations, and deadlines will facilitate a return to business-as-usual sooner rather than later.

The risk of a ransomware attack is real and credible. It is no longer a question of “if” but “when.” If it has not occurred yet, be grateful but be prepared. The ransomware time bomb is ticking away silently, as the vulnerability of organizations has skyrocketed with remote working becoming the standard. We are no longer protected behind the IT fortress of our office environments (dnk/bcs).

Let us help you alleviate the stress and anxiety of a potential ransomware attack. We have the relevant expertise and experience at our firm to provide you with a tailored plan. You can contact us via email at: office@kk-advocates.com.

K&K Advocates