Ransomware, in a nutshell, is a type of malware that locks the rightful user out of their files, devices, or network and demands a ransom payment to restore access. Since 2019, the number of ransomware attacks has increased by 158% in North America and 62% globally. Additional findings from the same report indicate that cybercriminals are using increasingly sophisticated tactics to extort organizations for a data “ransom.”
The cumulative cost of dealing with ransomware is predicted to reach $20 billion for organizations by the end of 2021. That is 57x the 2015 figure, and ransomware-induced downtime costs businesses a further $8,500 per hour.
Simply put, no organization is immune to cyberattacks. Case in point: the Taiwanese hardware and electronics corporation Acer was hit recently by a ransomware attack with hackers asking for a $50M ransom.
When an organization’s data and systems are taken hostage, the data may never be recovered, and even when it is, the damage to brand and reputation can take far longer to repair. It is therefore crucial for organizations to plan for an attack, however unlikely it may seem.
How can organizations and communicators prepare for and recover from ransomware attacks? Read on to find out.
How Can a Ransomware Attack Play out for an Organization?
There are many ways for ransomware to make its way onto devices and corporate networks. One of the most common entry routes is phishing email: these messages typically carry malicious attachments or links masquerading as trustworthy files. Once the attachment is opened or the file downloaded, the attackers can take control of the victim’s computer. Social engineering makes this easier still by tricking users into granting administrative access to the device. Without proper email security measures in place, simply opening emails, downloading files, or opening attachments can unknowingly unleash ransomware on the individual computer and, from there, on the entire organizational network.
Another way for ransomware to infiltrate devices is through drive-by downloads or phishing websites that infect a company’s endpoints.
Once ransomware hits, it is entirely common for businesses to lose access to and control of their email systems, VoIP, intranet, servers, and websites. When this happens, it is essential to maintain open lines of communication with employees, customers, and all other stakeholders. Leaving them wondering why they cannot access specific services, or whether your network poses a threat to their own systems, only makes matters worse. Recently, the American software firm Kaseya was the target of a sophisticated ransomware attack. The company promptly warned customers to shut down their servers to prevent them from also being compromised in the attack.
Communication Gone Wrong: The Colonial Pipeline Incident
But not all companies manage such challenging situations as competently. In May 2021, the US gasoline company Colonial Pipeline suffered a string of deeply damaging, high-profile ransomware attacks and cyber breaches. To contain the damage, the company shut down 5,500 miles of its pipelines, carrying about 45% of the entire United States East Coast’s fuel supplies.
Despite the magnitude of this event, Colonial Pipeline waited 30 hours before making a public statement about the ongoing attack and developing crisis, leaving customers and stakeholders clueless about fuel supplies.
How to Communicate with Different Stakeholders?
Chris Leach, Senior CISO Advisor at Cisco, recommends: “Communicate with people upward and downward and communicate continuously. Include what you know to inspire confidence that you, as a company, are addressing the issue and protecting the information.”
Nevertheless, experts agree on informing stakeholders on a “need-to-know” basis. Essentially, the recommendation is to avoid sharing every detail of a breach and instead give just enough to address stakeholders’ questions and concerns and to assure them that the breach is under control.
Whatever the specifics of the situation, communication remains key when dealing with any cyber incident, and organizations need to inform their employees, customers, and suppliers promptly about what is happening. Having a crisis communication plan in place will help PR teams do just that. It gives organizations a framework for producing transparent and consistent messaging across all channels, tailored to different target groups. It is crucial that the plan include alternative communication channels (such as offline modes) for both internal and external communication.
Ransomware: Communication Best Practices
When under attack, apply these useful best practices to maintain effective internal and external communication:
- Communicate fast – Keep in mind that organizations need to comply with the relevant regulations. For reporting personal data breaches, the European General Data Protection Regulation defines a window of 72 hours. In the United States, a new cybersecurity bill in the making would require organizations to report a cybersecurity breach within 24 hours of detecting it.
- Maintain transparency – It is essential to be transparent about the consequences of a ransomware attack both within the organization and with external stakeholders. Concealing the incident can be highly damaging to the company’s reputation.
- Be responsive – Provide strong customer support through appropriate channels. Customers should have adequate and consistent information to resolve any queries or concerns they may have about the attack. A delayed or careless response can cause further chaos and erode customers’ faith in your organization.
- Include offline communication methods – Online channels may be unusable during a ransomware attack. Conventional offline modes such as memos, notices, and landlines provide more reliable and safe means of communication.
Today, no organization is immune to ransomware attacks. Even with the best possible security systems in place, cybercriminals can adapt their malware to get past your controls.
So, while these tactical practices help limit the impact of ransomware, a holistic crisis communication plan spanning the entire organization will ultimately prove vital. A data breach or ransomware attack will most likely cause great economic loss, spread panic among stakeholders, and damage the reputation of your business. The only hope of recovering from such a blow is to be transparent about what is happening and to keep the lines of communication open at all times. While cybersecurity teams and experts minimize the damage done to the systems, communications teams should do the same for the organization’s reputation, brand, and people.