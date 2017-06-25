According to press coverage and online resources, in the last 48
hours or so cyber attacks targeted and hit over seventy countries
across Europe, the Middle East and Asia. The attack which seems
unprecedented in scale is reported to have used ransomware (i.e.
malware which, once installed, encrypts a users' own data until
they pay a ransom) sent by email with an attachment. The particular
malware currently reported to be used seems to have already been
identified in the past and Microsoft is said to have already rolled
out a patch to address the issue, however, not all users, among
them apparently numerous hospital systems, have updated such
patch.
As I have written before, while preventing and identifying
potential cyber exposure and weak points should be addressed ahead
of time, organizations and individuals should also carefully
consider in advance their zero-day response once any cyber event
has affected their organization or professional account.
The first thing to remember in such instances is that your
initial instincts are most often counterproductive (as those
reactions are the first things any 'decent' malware expects
or targets) and that your computer / systems / accounts are now,
effectively, a crime scene (hence the "CSI" heading). So,
if you've watched any TV series that deals with crime scenes,
you would probably do well to apply some of the fictional lessons
with the required changes to adapt to the real world:
Do NOT tamper with a crime scene
(which actually means do not turn on, off, save, email or do any
other activity in or connecting the affected systems). Malware
often targets your initial response as a means to further its own
causes or to trigger automated (definitely not pleasant) responses.
The correct technical responses should be determined with
professionals and in coordination with your legal.
Do NOT cover the occurrence up,
pretend it didn't happen or assume it will go away if untreated
or unfound. Early detection and even more importantly, early
reporting for the organization to take a well measured response in
a timely manner is crucial both from operational and liability
perspectives. Has everyone who needs to be notified been notified?
Within the organization? What about stakeholders or down / up the
supply chain? Determine your legal obligations in a timely manner
to avoid compounding your legal issues.
If you were lucky and dodged a bullet
on this event, do NOT wait for the next zero day response to take
the steps and measures you wish you had in place today.
Do NOT try to handle on your own.
Seek professional help. Whether technical, insurance or legal to
assess the scope and implications of any cyber event.
As we have already been working with clients on issues arising
from the above, we would like to remind our clients and friends
that Shibolet offers a Cyber Initial Response Team on a
'hotline' basis to cover the legal aspects of any cyber
event affecting organization or corporations, including:
Incident response, data gathering and
legal due diligence of the incident and its legal
implications;
Corporate governance and disclosure
issues;
Litigation assessment and
response.
