Ransomware Toolkit

"Ransomware" refers to any virus or malware that maliciously encrypts your computer, data, or network to hold it hostage and bring your organization to a standstill until a ransom is paid. During these attacks, your systems display messages prompting users to pay or take other actions that further compromise your organization's security, while promising to allegedly allow you to regain control over your systems or retrieve your data.

Nonprofits, including schools and hospital systems, have been recent targets, as well as notable third-party vendors used by nonprofits, such as the Blackbaud data breach in May 2020. 

Even with an incident response plan and data backups ready to deploy, there can often be a lengthy period of time where the organization experiences disruption of operations—thus making avoidance of ransomware in the first place all the more appealing. Below are resources to help educate your staff on safeguarding your organization from malicious actors.

 

Steps you can take today:

  1. Develop and maintain a relationship with a trusted IT vendor who can identify and deter suspicious network activity
  2. Carry out frequent education of all staff about recognizing scam emails and the constantly shifting threat landscape
  3. Implement multifactor authentication on all workplace technology
  4. Conduct frequent data backups to a secure, offline location and encrypt sensitive data to make it less accessible to cybercriminals
  5. Save and keep up-to-date a hardcopy of insurance contacts, policy numbers, and vendor/support contract information to enable your provider to rapidly deploy their response in the event of a security incident

 

What Ransomware Is

 

Preventing Ransomware Attacks

 

Risk Management: Cyber Liability Insurance

 

Responding to Ransomware Attacks

 

 

See also: Prevent Ransomware Cyber Attacks for resources and webinars by the Cyber Readiness Institute.