This week's featured Plan4Continuity plan template focuses on cybersecurity, specifically when falling victim to a ransomware attack. We link the plan to real-life examples and explain how it addresses such examples.
- New Windows ransomware DarkSide used to hit Canadian real estate firm – “Malicious attackers claim to have stolen more than 200GB of data from Brookfield Asset Management, a 121-year-old firm which is headquartered in Toronto, with corporate offices in New York City, London, Rio de Janeiro and Sydney.”
- Canadian Firm Canpar Express Becomes Ransomware Attack Victim – A Canadian shipping company, Canpar, has emerged as the latest prey to a ransomware attack. The incident caused huge business disruption.
- SMB Cybersecurity Catching Up to Enterprise … But the Human Element Still a Major Concern – “Cyberattacks on small to medium-sized businesses (SMBs) are continuing at a relentless pace, with the vast majority of data breaches coming from outside the organization.”
If you consider some of the highlights of the last week, it is clear that cybercrime incidents such as ransomware attacks are business as usual.
1. Speed of actions can make the difference
2. Set up your Plan4Continuity Ransomware attack plan
3. Activate your Plan4Continuity Ransomware attack plan
There are many different types of threats that can wreak havoc on an organization's IT systems. In this post, we are focusing on a ransomware attack which may have been initiated from several routes into the network.
1. Speed of actions can make the difference
During a Ransomware attack speed of actions is critical since the ransomware software is trying to encrypt as much as possible, both on the first computer infected and all others connected to it. Additionally, with businesses increasingly working from home, the increase in remote working platforms and endpoints, ransomware attacks have, unsurprising, increased since the COVID-19 breakout.
2. Set up your Plan4Continuity Ransomware attack plan
When setting up your ransomware attack plan, first set up the most important elements of continuity planning namely: your people (plan manager, plan activators, other stakeholders that should be notified in the event of an attack, and so forth); assets; services; locations; and vendors/suppliers/customers.

3. Activate your Plan4Continuity Ransomware attack plan
In the event of a ransomware attack, active your plan and follow the following steps: (i) Isolate the infected computers and devices immediately and (ii) broadcast notice to your people, “we have been attacked by ransomware, disconnect devices from network-Wi-Fi immediately. Await instructions”. Thereafter, (iii) determine the infection type and the extent of the infection and attempt to (iv) restore encrypted data and bring machines back into service. Finally, (v) conduct a full Cyber Security review
and (vi) obtain sign-off for this ransomware attack from the authorized signatory.
The best way to fight off a ransomware attack is to not let it happen in the first place. This means having controls and security in place to prevent an attack. Not only will our Ransomware Attack plan guide you through what to do when one does occur, but our Cyber Security - Quarterly review will ensure that you stay ahead and prevent attacks from happening at all. Each of our plans must be reviewed to adjust it to your specific organization and needs and can be edited as needed before being finalized.
You might also be interested to read:
Judgment Day – MSP Targeted Ransomware Attacks Threaten Industry Credibility
Meeting the emerging threat: Streamline business continuity to protect against ransomware
This is not a drill: Business Process Automation when hit by a data breach