According to press coverage and online resources, in the last 48 hours or so cyber attacks targeted and hit over seventy countries across Europe, the Middle East and Asia. The attack, which seems unprecedented in scale, is reported to have used ransomware (i.e. malware which, once installed, encrypts a user's own data until they pay a ransom) sent by email with an attachment. The particular malware currently reported to be used seems to have already been identified in the past, and Microsoft is said to have already rolled out a patch to address the issue; however, not all users, among them apparently numerous hospital systems, have installed that patch.

As I have written before, while preventing and identifying potential cyber exposure and weak points should be addressed ahead of time, organizations and individuals should also carefully consider in advance their zero-day response once any cyber event has affected their organization or professional account.

The first thing to remember in such instances is that your initial instincts are most often counterproductive (as those reactions are the first things any 'decent' malware expects or targets) and that your computer / systems / accounts are now, effectively, a crime scene (hence the "CSI" heading). So, if you've watched any TV series that deals with crime scenes, you would probably do well to apply some of the fictional lessons with the required changes to adapt to the real world:

  • Do NOT tamper with a crime scene (which actually means do not turn on, turn off, save, email or carry out any other activity in, or connecting to, the affected systems). Malware often targets your initial response as a means to further its own causes or to trigger automated (definitely not pleasant) responses. The correct technical responses should be determined with professionals and in coordination with your legal advisers.
  • Do NOT cover the occurrence up, pretend it didn't happen or assume it will go away if untreated or unfound. Early detection and, even more importantly, early reporting, so that the organization can take a well-measured response in a timely manner, are crucial from both operational and liability perspectives. Has everyone who needs to be notified been notified? Within the organization? What about stakeholders or down / up the supply chain? Determine your legal obligations in a timely manner to avoid compounding your legal issues.
  • If you were lucky and dodged a bullet on this event, do NOT wait for the next zero-day response to take the steps and measures you wish you had in place today.
  • Do NOT try to handle it on your own. Seek professional help, whether technical, insurance or legal, to assess the scope and implications of any cyber event.

As we have already been working with clients on issues arising from the above, we would like to remind our clients and friends that Shibolet offers a Cyber Initial Response Team on a 'hotline' basis to cover the legal aspects of any cyber event affecting organizations or corporations, including:

  • Incident response, data gathering and legal due diligence of the incident and its legal implications;
  • Corporate governance and disclosure issues;
  • Litigation assessment and response.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.