***URGENT*** MEMO TO “THE IT GUY” RE: RANSOMWARE

***urgent memorandum***

TO: The “IT Guy”

FROM: Shawn Tuma

SUBJECT: Your clients affected by ransomware


STOP OVERWRITING / WIPING / DELETING OR OTHERWISE DESTROYING YOUR CLIENTS’ DATA WHEN THEY ARE AFFECTED BY RANSOMWARE!!!

PLEASE!!! PRETTY PLEASE!!! PRETTY PLEASE WITH SUGAR ON TOP!!! JUST STOP IT!!!

Seriously, everyone understands that ransomware is scary stuff and when you discover that one of your clients has been hit by it, it can cause quite a bit of panic. That is understandable. But, when you feel that sense of panic, that is not the time to act — that is the time to pause, take a deep breath, gather your senses, and let your emotions settle down and your brain take back over. Then, recall the Hippocratic Oath that doctors must take:

“first, do no harm”

Just because you cannot figure out what to do with the encrypted data does not mean that there are not other people out there who can. Consider these points:

  • There are really good folks out there who are experts at getting data like this decrypted.
  • There are outstanding cyber insurance policies that will pay the cost of the ransom to recover the data.
  • Over the course of time, ransomware decryption keys start to make their way into the wild and data that was at one time unrecoverable magically becomes recoverable.
  • And, in many cases, that original encrypted data is necessary to perform forensics that may prove to be very beneficial to your client.

But guess what? NONE OF THIS IS POSSIBLE AFTER YOU COME ALONG AND FINISH THE HACKER’S JOB BY DESTROYING ANY HOPE YOUR CLIENT EVER HAD OF RECOVERING ITS DATA BY PERMANENTLY DELETING IT!!!

PLEASE, JUST STOP IT!!!

Complimentary SecureWorld Webinar – 2016 Breaches: Lessons Learned

You are welcome to attend a complimentary SecureWorld webinar with these featured presenters:

  • Erich Kron, Security Awareness Advocate, KnowBe4
  • Aliki Liadis-Hall, Director of Compliance, North American Bancard
  • Craig Spiezle, Executive Director & President, Online Trust Alliance
  • Shawn Tuma, Cybersecurity & Data Privacy Partner, Scheef & Stone, LLP

The webinar qualifies for CPE Credits, and will take place on Wednesday, November 30 at 12 pm CST but if you are unable to attend, you can access the recording as well.

You can learn more about, and register for, the webinar at this LINK.

Cybersecurity: How Long Should An Incident Response Plan Be?

Last evening I had the pleasure of talking cybersecurity law with a group of CIOs from some pretty sophisticated companies. It was a great discussion and I learned as much as I shared — just the way I like it. During our discussion, the subject of Incident Response Plans came up and I explained why these are now a must-have.  Continue reading “Cybersecurity: How Long Should An Incident Response Plan Be?”