"Ransomware" refers to any virus or other malware that encrypts your computer, data, or network to hold it hostage and bring your organization to a standstill until a ransom is paid. During these attacks, your systems display messages prompting users to pay or take other actions that further compromise your organization's security, while promising to let you regain control over your systems or retrieve your data.
Nonprofits, including schools and hospital systems, have been recent targets, as well as notable third-party vendors used by nonprofits, such as the Blackbaud data breach in May 2020.
Even with an incident response plan and data backups ready to deploy, an organization can face a lengthy period of operational disruption, which makes avoiding ransomware in the first place all the more appealing. Below are resources to help educate your staff on safeguarding your organization from malicious actors.
Steps you can take today:
- Develop and maintain a relationship with a trusted IT vendor who can identify and deter suspicious network activity
- Carry out frequent education of all staff about recognizing scam emails and the constantly shifting threat landscape
- Implement multifactor authentication on all workplace technology
- Conduct frequent data backups to a secure, offline location and encrypt sensitive data to make it less accessible to cybercriminals
- Save and keep up-to-date a hardcopy of insurance contacts, policy numbers, and vendor/support contract information to enable your provider to rapidly deploy their response in the event of a security incident
What Ransomware Is
- What You Need to Know About Ransomware (Center for Internet Security, 2020): basic overview of ransomware and how to report incidents, phishing attempts, and malware to the U.S. Cybersecurity and Infrastructure Security Agency (CISA)
- How To Recognize, Remove, and Avoid Malware (Federal Trade Commission): signs of your device being infected with malware and mitigating steps to take
- Be on High Alert for Ransomware Attacks (GRF CPAs & Advisors): defines three types of ransomware and gives an anatomy of how these attacks are carried out
- Ransomware – A Security Risk for You and Your Organization (D.C. Bar Pro Bono Center, 2017): free one-hour webinar
Preventing Ransomware Attacks
- The Cybersecurity & Infrastructure Security Agency's (CISA) cybersecurity training and webinars, including webinars for K-12 organizations and, for a general audience, the recording "Don't Wake Up to a Ransomware Attack," which "provides essential knowledge to prepare you and your organization to prevent, mitigate, and respond to the ever-growing threat of ransomware attacks."
- Ransomware Guide (CISA, 2020) includes Ransomware Prevention Best Practices and Ransomware Response Checklist
- 7 Steps to Help Prevent & Limit the Impact of Ransomware (Center for Internet Security)
- Tips & Advice to Prevent Ransomware from Infecting your Electronic Devices (Europol infographic)
Risk Management: Cyber Liability Insurance
- The Latest Ransomware Attacks & Cybersecurity Insurance Considerations free one-hour webinar (HBK CPAs & Consultants, 2021)
- Demystifying Cyber Liability Insurance (Nonprofit Risk Management Center)
- A Nonprofit Buyer's Guide to Cyber Insurance (McGuire Woods, 2013)
Responding to Ransomware Attacks
- Report ransomware to U.S. federal agencies, e.g., via the CISA Incident Reporting System: "Victims of ransomware incidents can report their incident to the FBI, CISA, or the U.S. Secret Service. A victim only needs to report their incident once to ensure that all the other agencies are notified."
- An Incident Response Plan Prepares You for a Ransomware Attack (GRF CPAs & Advisors, 2021)
- 2020 Tech Forward Conference presentation on lessons learned from a nonprofit that survived a ransomware attack
See also: Prevent Ransomware Cyber Attacks for resources and webinars by the Cyber Readiness Institute.