I’m waiting for a company that is ready for ransomware in the same way they would be ready for a weather event. Imagine something like the following response if this hypothetical company gets hit with ransomware:

Today approximately 25% of our computers have been disabled by ransomware, and many of the remaining 75% of the computers are not able to perform their business functions due to our incident response and isolation procedures.

Ransomware is unfortunately an event that is increasing in frequency in all countries and sectors. While we have implemented what we believe to be an appropriate and strong cybersecurity program, there is no way we, or any company, can reduce the likelihood of a ransomware incident to near 0%.

Like weather events, labor issues, supply chain issues and other risks to our business, we have accounted for a potential ransomware incident as part of our risk management program. Due to this planning this ransomware incident is not expected to have a material impact on our business and only a minor, quickly recovered impact on our customers.

We expect normal deliveries of our products to resume in three days or sooner. As part of our plan to recover from a manufacturing and delivery outage, for any reason, we will run the manufacturing line and supporting systems 24×7 and expect to be current on all delivery schedules within 10 days or sooner.

While our risk management program anticipated and prepared the company for a ransomware incident, a key part of our incident response plan is post incident analysis and implementing lessons learned. This will likely result in changes to our security controls and resilience measures, as well as improvements in our incident response plan.

We are sharing details of this ransomware attack with the appropriate law enforcement and government agencies so they can consider criminal or other action. We will also share sanitized details of the incident with the appropriate industry groups so our colleagues in the industry can proactively hunt for this threat and better defend themselves.

We will provide a daily update on the status of the resumption of product deliveries. Customers are being contacted with the updated delivery schedules, and can certainly reach out to their account manager with any additional questions or concerns.

Sign up for my ICS Security: Friday News & Notes