First Response to Ransomware Attacks

A month ago, hackers hit the US IT service provider Kaseya and its 40 or so major customers with a ransomware attack. They paralysed the cash register systems of the Swedish supermarket chain Coop and demanded a ransom to release the data and systems of all customers. How can companies deal with ransomware attacks? What is the right response to them? We talk about this in an interview with Helmut Brechtken, a partner at Deloitte GmbH who advises companies on digital forensic incident response.

Mr Brechtken, what is a ransomware attack and what risks does it pose to individuals and companies?

Brechtken: A ransomware attack is a cybercrime attack that encrypts the data of the attacked company. The cybercriminals demand a ransom to decrypt the data. The risks for companies consist in the total loss of company data, usually associated with a business interruption lasting a few days or even longer. There is a threat of further consequences such as contractual penalties or the publication of the data by the cybercriminals.

How should those affected react in the situation?

Brechtken: Those affected in the companies are often in an extremely exceptional situation and, for the most part, do not yet have any experience in responding appropriately to a ransomware attack. Since wrong decisions can be fatal, fast and professional help and advice on cyber incident response, digital forensics and data protection are essential. In this way, affected companies initiate an ideal initial response and limit the risks for the company.

How can companies or organisations protect themselves in the long term and avoid attacks?

Brechtken: Companies should pursue two approaches in parallel. They should prepare for an emergency with external advice and also practice it once with a crisis team and emergency plans. It is not a question of whether one will be affected, but when that will be the case. Ransomware attacks are currently by far the most frequent form of cyber-attack and, unfortunately, often successful, as can be seen in the information provided by the German Federal Office for Information Security (BSI).
In addition, companies should sustainably improve their own cybersecurity situation in order to successfully fend off attacks. This requires a broad bundle of measures: patch management, secure authentication, “bulletproof” data backup or even awareness training for all employees, ideally tailored to the company.

Thank you very much for the interview!

On 16 September, Helmut Brechtken and Chris Lichtenthäler, Deloitte GmbH, will talk about “Ransomware – A look behind the scenes” (in German) at the Internet Security Days 2021. You can get more information on the topic at our two-day expert conference on the subject of IT security. You can get tickets here.
