Key Response Steps for Businesses Impacted by Recent Global Cyberattack Exposing the Personal Information of Millions
As of June 15, 2023, several US federal agencies and the personal information of 3.5 million Oregon and Louisiana residents have been compromised in a cyberattack affecting companies and government agencies across the globe. The cyberattack has been attributed to the CL0P Ransomware Gang, which exploited vulnerabilities in a widely used file transfer software (MOVEit). Given the global scope of this cyberattack, businesses should take steps to ensure that their systems and data are secure. Specifically, businesses should consider the following steps, as well as our incident response flow chart, to protect against, investigate and respond to this global cyberattack campaign.
Protect
Even in the absence of any evidence of compromise, businesses should be proactive in securing their information technology systems and data by:
- assessing systems and networks, including:
  - reviewing logs and alerts for unusual behavior;
  - updating any signatures for endpoint detection or network monitoring;
  - ensuring software is patched and updated; and
  - strengthening remote access controls (i.e., MFA), as needed;
- monitoring and controlling any traffic from organizations affected by the cyberattack; and
- testing data backup and restoration procedures to ensure resiliency.
Investigate
If a business is impacted by the cyberattack, it should:
- initiate an investigation and consider engaging a forensic investigation firm to assist with determining the scope, nature and impact of the incident;
- assemble an incident response team to coordinate and execute the investigation and address stakeholder concerns;
- take specific action to stop the incident and contain its impact; and
- determine and eliminate the cause of the incident.
Respond
While the investigation is occurring, a business should also:
- assess the necessity of paying the ransom and develop a negotiation approach;
- consider potential regulatory scrutiny for paying a ransom that benefits sanctioned entities;
- address whether notification to potentially affected individuals or entities, any other third parties (business partners, shareholders, investors, regulators) or in public filings is legally or contractually required;
- develop a plan for communicating with the board of directors, executive management and personnel; and
- carefully prepare public communications only as needed.
White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
© 2023 White & Case LLP