In the wake of the ransomware cyberattacks that touched businesses globally starting on Friday, it is more important than even for private equity firms and their investors to protect themselves.
Investors need to understand what is ransomware, how they can fall victims to such attacks and what to do when the victim of a ransomware attack.
What is ransomware?
It's a computer malware that blocks access to a computer system by encrypting files and that demands a ransom to restore the data.
“The attacks are sneakier,” Eldon Sprickerhoff, founder and chief security strategic at eSentire, said in November for private funds management's cybersecurity roundtable discussion. “With ransomware, they're evolving their techniques and tactics. They're asking for higher ransoms based on what they believe the firm may be willing to pay and they're setting shorter timelines to pay before the files are deleted.”
How can private equity firms prepare?
The first step is to have a cyber-preparedness plan in place that will describe how a firm will address an attack. Firms should also isolate their most sensitive data to increase the protection and allowing only a certain circle of people within a firm access.
This lockdown approach of moving the data into one specific area of a network and granting access only to a specific number of people reduces the likelihood that someone will be able to break through the entire network and access sensitive information.
Regularly backing up data and being aware of what has been backed up can also save firms some trouble “When you're running into groups that are victims of ransomware, quite often it's not that they know what was on the computer that got encrypted,” Nicholas Barone, director at EisnerAmper's consulting services group, told PEI also in November. “Often, they don't know. All of a sudden they have to decrypt it because they don't know if it was valuable or not.
Training employees on what they should and shouldn't do, or rather click on, is one fo the most important element of readiness.
How can private equity firms respond to an attack?
Firms should first determine whether there's actually been a technical and legal breach of their network. The tricky part to that is that the definition of a breach differs according to different jurisdictions.
If a firm does establish there's been an actual breach, it should contact the following three parties before acting on the attackers' request: their external legal counsel, their insurance company and the forensic investigation company on retainer.