

04 December 2024
 
   
 
 


  

A ransomware negotiator shares 3 tips for victim organizations

2023-01-19


South_agency
 

This is no time for knee-jerk reactions. “Take a deep breath and slow things down,” said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security.

Part of the role of a ransomware negotiator is to bring calm to a situation that can feel like a waking nightmare for the victim organization.

Coordinating a response in the aftermath of such a volatile incident puts a company’s finances, reputation and longevity on the line.

“When the actual ransomware attack is occurring, I think the biggest thing is [to] take a deep breath and slow things down,” said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security.

“The first knee-jerk reaction for most organizations is to kind of freak out a little bit, and rightfully so,” Schmitt said.

Ransomware groups are known to exploit human psychology as a tactical advantage, but that behavioral response can create additional work and slow time to recovery.

The psychological component can be minimized when incident responders act with a sense of urgency but with a calm and collected demeanor, according to Schmitt, who has responded to hundreds of ransomware incidents during his career.

Schmitt, who also facilitates ransomware negotiations — acting as the liaison between the victim organization and the threat actor — shares his top three tips for organizations hit by ransomware:

Slow down and don’t freak out

Preserve evidence

Learn from the experience

The typical reaction, following a ransomware attack, is to shut things down, re-image all computers and get the matter resolved as quickly as possible.

However, if evidence isn’t preserved, analyzing the root cause of how the attack started, made its way through the network and ultimately ended up as ransomware may not be possible, Schmitt said.

Organizations that move too quickly are also less likely to learn from the experience.

“When a ransomware scenario happens, it’s nobody’s fault,” he said. What matters more is how an organization moves forward.

Learning from the experience includes identifying gaps in defense and pursuing a collective remediation of those weak points to improve the company’s security stance and help prevent another attack.

Ransomware response often falters when there’s a disconnect between the technical and business units of the organization, according to Schmitt.

The quality and value of an incident response investigation and recovery are lower when businesses cut corners to resume operations at any cost.

That’s when pertinent details are potentially missed or systems are improperly restored, Schmitt said.



 
 
 



TAIWAN CHAMBER OF COMMERCE AND INDUSTRIES OF THE PHILIPPINES, INC.
IT Team
all rights reserved ©