Trusted Internet Blog

Thoughts, Guidance, Musings

Ransomware - Your defining moment? or your Oh 💩 moment?

Posted by Jeff Stutzman, Chief Information Security Officer | Mar 27, 2019 4:10:39 PM

Not a day goes by without another major news story (although, are they really major stories anymore?). However, the Norsk Hydro Ransomware event will definitely get its few minutes of journalistic play. 

Today, after going through recovery from previously harvested off-line backups (BZ! to them), the company is finally getting back to work. Even with revenue losses of approximately $40 mil, it could have been much worse. Rumor has it (unconfirmed) the ransom was a very, very high nine-figure number (like, $900 million!?). I'd love confirmation on this if anyone has it! If that number is really true, these are no longer ransom events, but rather company-breaker events. Did someone try to kill Norsk Hydro?

Not sure.

What I do know is this...  We're finding ourselves up to our eyeballs in targeted ransomware cases.

How many companies out there actually have the ability to pay a 6+ figure ransom? We worked one of these last year and it was a significant undertaking. Now, we find ourselves getting calls almost daily from someone else who's had a targeted ransomware event. For their corporate technology team, it IS their defining moment. I call it their OH SH*T! moment. It's when a company has someone like me come in the door and ask, “Where are the offline backups?” Usually, the internal team has been working round the clock to fix the problem on their own, but... eventually the company realizes it's in trouble, can't get out, and needs real help with plans for recovery and moving forward so that this never happens to it again.

Most small or mid-market companies (the vast majority in the world are small and mid-market companies) would be bankrupt. Larger companies can absorb some of the hit, but numbers like this are generally not insurable. One thing is certain: if you're not thinking about it now... you're rolling the dice on your own (ahem) defining moment.

What would you rather have? A defining moment? Or an Oh SH*T moment? 

The Oh Sh*t moment comes when you've got a problem and don't know what to do. You're dead in the water with no steering. Your CIO has gone into hiding, leaving the CISO to face the wrath of the CEO and the board. Neither one knows how to effectively handle this now-devastating, job-ending event.

What will be your defining moment? C’mon, you’ve got this. So, you got hit, but you were prepared, and you handled it. Your defining moment comes when your CEO asks you to proudly brief the board on how you were ready and executed a well-thought-out plan. They want to hear exactly how you handled the event. That’s just fine, because you already have a storyboard prepared: you’ve trained for this eventuality that you knew would come. Today you are a rock star, and to everyone across the company, you’ve just saved the world.

Which would you rather be? 

I want to prepare you for your defining moment and when it happens, I’ll even let you take all the credit.

Call us or drop us a line: staysafeonline@trustedinternet.io


Written by Jeff Stutzman, Chief Information Security Officer

Jeff Stutzman
Chief Intelligence Officer, Wapack Labs
Chief Information Security Officer, Trusted Internet

Wapack Labs is a private cyber intelligence organization that performs research, analysis, and intelligence operations. The Lab authors cyber threat intelligence and analysis for the global memberships of the Red Sky Alliance, the Financial Services ISAC and the Maritime and Port Security ISAO.

Prior to Wapack Labs, Mr. Stutzman served as a Director at the DoD Cyber Crime Center (DC3). Mr. Stutzman has ‘boots on the ground’ experience in more than two dozen high-risk cyber threat areas including China, Brazil, the Middle East, and South America. Mr. Stutzman has held operational and senior positions with Cisco Systems, Northrop Grumman, Carnegie Mellon University, the DoD Cyber Crime Center and is a former Navy Intelligence Officer. He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numerous trade publications. He holds a BS from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.