preparing for a ransomware attack
play

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, - PowerPoint PPT Presentation

Jun 08, 2023 •30 likes •200 views

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM Aravind Swaminathan, Orrick, Herrington & Sutcliffe Darren Teshima, Orrick, Herrington & Sutcliffe What is ransomware? Malicious software

  1. Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM Aravind Swaminathan, Orrick, Herrington & Sutcliffe Darren Teshima, Orrick, Herrington & Sutcliffe

  2. What is ransomware? • Malicious software • Denies users access to systems or data • Systems/data held hostage until ransom is paid • Failure to meet demands could result in data deletion Orrick | 2 June 17

  3. Ransomware evolution Orrick | 3 June 17

  4. Ransomware attack cycle Orrick | 4 June 17

  5. Trends • $1 billion industry in 2016 and growing • Bitcoin value up 3x • Cryptoware Blockers Orrick | 5 June 17

  6. Reputational Impact is Costly of consumers worry about the security of their personal information. 74.8% Temkin Group "Consumer Benchmark Survey" of consumers don’t believe organizations care about their private data 72.5% and keeping it safe and secure. HyTrust Inc., the Cloud Security Automation Company of consumers believe failure to keep customer information secure has a significant negative impact on trust in a company. 80% Edelman Trust Barometer: Financial Services Industry Actions your customers take when you falter 56% 40% 29% Political Action (sign a petition, Stop/Reduce Technology Use Social Activity (post to social contact a politician media, write an op-ed or letter) Orrick | Source: Edelman Proprietary Study, 2014 6 June 17

  7. To pay or not to pay… “The FBI does not support paying a ransom to the adversary . Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom . Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.” Orrick | 7 June 17

  8. Is it a breach? Where PHI is “encrypted as the result of a ransomware attack, a breach has occurred because the PHI encrypted by the ransomware was acquired … and thus is a ‘disclosure’ not permitted under the HIPAA Privacy Rule.” Notification may not be required if the entity can demonstrate a “low probability that the PHI has been compromised,” • lack of attempted or actual data ex-filtration, • mitigation based on disaster recovery and data backups • use of appropriate level of encryption Must be highly diligent in their forensic analysis and risk assessment to take advantage of the notification exception: • Thorough investigation • Completed in good faith • Conclusions reasonable given circumstances • Documentation Also consider state notification rules based on “access” to personal information, such as Connecticut, Florida, Kansas, Louisiana, and New Jersey Orrick | 8 June 17

  9. Violation of FTC Act? “A company’s unreasonable failure to patch vulnerabilities known to be exploited by ransomware might violate the FTC Act.” -- (Then) Chairwoman Edith Ramirez (2016) Failure to address “pervasive security bugs” that leave systems vulnerable to malware will be a key factor in the FTC’s decision to open an investigation or pursue an enforcement action. Orrick | 9 June 17

  10. What to do? Prevention Efforts • Increase employee awareness of ransomware and role in protecting the organization’s data • Patch operating system, software, and firmware on digital devices • Automatic updates to antivirus and anti-malware solutions and conduct regular scans • Manage use of privileged accounts—assign administrative access only where absolutely needed and necessary • Configure access controls—users don’t need write-access to all information; read only ok • Disable macro scripts from office files transmitted over e-mail • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations Business Continuity Efforts • Back up data regularly and verify the integrity of those backups regularly • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up Orrick | 10 June 17

  11. In-House Counsel – What Should You Consider? 1. Prepare – End user education • Consider performing periodic unannounced mock phishing exercises where the users receive emails or attachments that simulate malicious behavior • End users should know who to contact and how to report possible ransomware attacks – Have a clearly defined, up-to-date incident response plan – Back up data regularly 2. Patch – Good security hygiene – Create internal corporate policies that require end users to update patches quickly Orrick | 11 June 17

  12. In-House Counsel – What Should You Consider? 3. Monitor – Maintain current antivirus and/or end point protection – Only grant permissions necessary that an end user requires to perform daily jobs 4. Respond – Detect – Analysis • Malware identification • Root cause analysis – Containment – Recovery • Restore from back up – Post-Incident Activity • What are the lessons learned? Orrick | 12 June 17

  13. Additional Considerations • Refresh incident response plan to address ransomware scenarios • Incorporate business continuity and disaster recovery plans into IRP • Conduct ransomware tabletop exercises • Engage forensic experts early; consider providers with ransomware payment programs • Conduct regular risk and vulnerability assessments • Consider endpoint monitoring technologies • Insurance Orrick | 13 June 17

  14. Insurance Considerations • Cyber Extortion Coverage for Ransomware – Provides coverage for ransom payment – Subject to certain conditions, including: • Insurer’s prior consent • Notification to law enforcement • Subject to a sublimit – Definition of “currency” • Ensure it includes cryptocurrencies, like Bitcoin Orrick | 14 June 17

  15. Insurance Considerations (cont.) • Additional Cyber Coverages May Be Implicated – First-party coverages in event ransomware disrupts business or destroys data, as opposed to simply locking down system – If ransomware is part of larger breach, and PII is compromised, breach notification and third-party liability coverage may be implicated • Notice to Insurer of ransomware : Data breach may be considered “related,” subject to a single retention. Without notice of initial ransomware, there is a risk the data breach costs may be excluded • Check Non-Cyber Policies for Coverage : e.g., crime policies Orrick | 15 June 17

  16. Thank You Aravind Swaminathan Partner Orrick, Herrington & Sutcliffe LLP T 206 639 9157 E aravind@Orrick.com Monica Patel Darren Teshima Senior Regional Counsel IBM Partner Orrick, Herrington & Sutcliffe LLP T 415 545 3246 T 415 773 4286 E patelmo@us.ibm.com E dteshima@orrick.com June 17 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack Summary : The attack was severe and sophisticated; categorized as a catastrophic attack. It was highly strategic with regard to timing

329 views • 16 slides
What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of

What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of

What We Learned Key Takeaways from the 2018 Ransomware Attack on Colorado Department of Transportation February March 2018 Topics How It Happened What It Did Timeline How We Responded Business Response Cyber Incident

669 views • 20 slides
1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad

Geoff Hale 1 February 4, 2020 Ransomware works Who: Ransomware is a threat vector that is rife for bad actors, both criminal enterprises and nation-states have made use of ransomware. What: Ransomware is a type of malware that encrypts

358 views • 6 slides
Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

X by Invincea Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more sophisticated, and shifting to an enterprise threat Ransomware Nightmares X by Invincea To Pay Or Not To Pay? X by Invincea Your money or

780 views • 23 slides
Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top Leaders-2019 www.vembu.com How to protect your business from a Ransomware attack? What is Ransomware? Types of Ransomware How it attacks? Stats for year

454 views • 16 slides
On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele

On Deception-Based Protection Against Cryptographic Ransomware Ziya Alper Gen, Gabriele Lenzini, and Daniele Sgandurra June 20, 2019 Ransomware Threat 1 Ransomware Threat 1 Deception-Based Anti-Ransomware In the context of ransomware,

507 views • 22 slides
Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN

Redemption: Real-Time Protection Against Ransomware at End-Hosts WRITTEN BY: PRESENTED BY: AMIN KHARRAZ NICHOLAS BURTON ENGIN KIRDA What is Ransomware? What is Ransomware? u Ransomware is malicious software that encrypts user data, and

718 views • 33 slides
Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing

Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing

Ransomware: DataENcryption made easy The Word Ransom = Ransom Blackmailing History 1989 AIDS TROJAN DISK distributed/infected via floppy disk developer was caught and put into jail 2005 first internet attack

748 views • 54 slides
Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new

Ransomware Overview Our analysis leads us to expect increased ransomware activity over 2016 (new attacker entrants, lower cost through kit automation, etc.) Take consumer and enterprise digital assets hostage using high- strength encryption

365 views • 18 slides
Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of

Ransomware Eradication using Biomorphic Perimeterisation Introduction Types of Ransomware Technology Perspective and Attacked Devices Ransomware Economy Security Conditions Biomorphic Perimeterisation How to generate a

860 views • 61 slides
to Ransomware Attacks Presented by: Louisiana Secretary of State Kyle Ardoin July 23, 2019

to Ransomware Attacks Presented by: Louisiana Secretary of State Kyle Ardoin July 23, 2019

Preparing Against and Responding to Ransomware Attacks Presented by: Louisiana Secretary of State Kyle Ardoin July 23, 2019 Cybersecurity Incident 1 On July 23 2019 at 5 AM, the Information Security Team received a report from the Louisiana

398 views • 12 slides
Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users files unless a ransom is paid.

517 views • 30 slides
Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy

Troubling Times: Ransomware Across Texas Deputy Chief Information Security Officer Andy Bennett 2019 Cybersecurity Awareness Month Event October 22, 2019 2019 Texas Headlines Ransomware Ransomware Cyber criminals holding your data and

450 views • 23 slides
Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Locky Strike: Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts, FortiGuard Lion Team September 1, 2017 1 Cryptowall 2 This one? 3 Prevalence: Global ransomware Global Ransomware IPS Hits - February

647 views • 49 slides
How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How

How To Not Be A Victim Of Ransomware The thoughtful integration of healthcare and technology How Healthcare IT Differs From General IT Agenda The Growing Threat of Ransomware What You Can Do Today To Protect Your Business How Healthcare IT

440 views • 32 slides
Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin Kirill Levchenko, Alex C. Snoeren, Damon McCoy Ransomware causes financial damages

798 views • 54 slides
Information sharing, credit booms, and financial stability Samuel Gu erineau CERDI,

Information sharing, credit booms, and financial stability Samuel Gu erineau CERDI,

Information sharing, credit booms, and financial stability Samuel Gu erineau CERDI, Universit e dAuvergne Florian L eon CREA, University of Luxembourg ESRC-DFID Growth Research Program Financial Volatility, Macroprudential

394 views • 28 slides
Financial statements bulletin January December 2018 Kari Kauniskangas, President and CEO

Financial statements bulletin January December 2018 Kari Kauniskangas, President and CEO

OODI CENTRAL LIBRARY HELSINKI, FINLAND Financial statements bulletin January December 2018 Kari Kauniskangas, President and CEO Contents 1 Group development in 2018 2 Group development in Q4/2018 3 YITs strategy 2019 -2021 4 Segment

822 views • 66 slides
Please be aware that, in the following remarks, statements made with respect to Sony's current

Please be aware that, in the following remarks, statements made with respect to Sony's current

Please be aware that, in the following remarks, statements made with respect to Sony's current plans, estimates, strategies and beliefs and other statements that are not historical facts are forward-looking statements about the future performance

415 views • 25 slides
2017 FIRST-HALF FINANCIAL REPORT M ERSEN 2017 First-half fi nancial report page 1 Management

2017 FIRST-HALF FINANCIAL REPORT M ERSEN 2017 First-half fi nancial report page 1 Management

2017 FIRST-HALF FINANCIAL REPORT M ERSEN 2017 First-half fi nancial report page 1 Management report 3 2 Consolidated financial statements 9 3 Notes 17 4 Statutory Auditors R eport 33 5 Statement of the Officer 35 This

586 views • 40 slides
MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat Intelligence, Faster Detection & Automated Response Adaptive Security Strategy for SOC Ramy AlDamati Principle CyberSecurity Solution

680 views • 31 slides
Cyber Quantification Non-financial Risk Management GRAFT & DAIR Lois Tullo Sohail Farooq

Cyber Quantification Non-financial Risk Management GRAFT & DAIR Lois Tullo Sohail Farooq

Cyber Quantification Non-financial Risk Management GRAFT & DAIR Lois Tullo Sohail Farooq GRI BankingBook Analytics Email: ltullo@globalriskinstitute.org (BBA) Email: sohail@bba.to 1 Drivers of nonfinancial risk Climate Change -

427 views • 32 slides
Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018 Welcome

Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018 Welcome

Cyber Security and Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018 Welcome Risks Cyber Security / Fraud Common threats Case Studies what we are seeing in Northern Ireland Social

705 views • 35 slides
On the Efficient Computation of Independent Contact Regions for Force Closure Grasps Robert Krug,

On the Efficient Computation of Independent Contact Regions for Force Closure Grasps Robert Krug,

On the Efficient Computation of Independent Contact Regions for Force Closure Grasps Robert Krug, Dimitar Dimitrov, Krzysztof Charusta and Boyko Iliev Learning Systems Lab Center for Applied Autonomous Sensor Systems rebro University, Sweden

739 views • 62 slides

More recommend