Global Ransomware Attack Update

Cynthia Larose
Mintz - Privacy & Cybersecurity Viewpoints
Contact
LinkedIn
Facebook
X
Send
Embed

We’ve been following the latest on the WannaCry ransomware attack that we first told you about over the weekend.

A feared “second strike” did not materialize today, but victimized firms in over 100 countries are still struggling to recover.

So, what’s next?

If you needed to build the business case for increasing the budget for updates/upgrades and your IT programs, this should provide you with the jump start.    If your IT support and maintenance is outsourced, you should be asking questions.   Now.

  • What versions of operating systems and software are you running?  Obsolete versions of Microsoft Windows are particularly vulnerable, not only to this exploit, but to new variants. There may be very specific circumstances that require you to use versions that are no longer supported (including the cost of upgrade), but now is the time to revisit the topic with the Board of Directors if necessary.
  • Is your company’s patching program up-to-date?   At the very least, have you updated this weekend?  You should make sure that both your personal and business machines running Windows are updated with patches issued by Microsoft.    If you can’t patch directly, follow TrendMicro’s suggestion to use a virtual patch.  If you can’t patch; segregate machines with outdated operating systems.
  • What is your backup and recovery plan?   Do you have one?   If you have a well-thought out data backup and recovery plan, then you may be able to ride out a ransomware attack by restoring your data from clean backups.  Management should be asking if there is a plan to assure that all important files are backed up in a way that will prevent a ransomware infection from attacking both the primary files and the backups.
  • Are you following US-CERT alerts?  Sign up here.
  • Review your insurance policies.   Ransomware attacks and the after-effects may be covered by a cyberliability policy.   But, the failure to take preventive action could trigger an exclusion.  Also, look at your other policies —  business interruption, crime, kidnap/ransom — to see if you can stack coverage.

Be vigilant.   Encourage vigilance in your workforce.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz - Privacy & Cybersecurity Viewpoints | Attorney Advertising

Written by:

Mintz - Privacy & Cybersecurity Viewpoints
Mintz - Privacy & Cybersecurity Viewpoints
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Mintz - Privacy & Cybersecurity Viewpoints on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide