The Flood Zone

SCENARIO: Your organization is located within a flood zone. Winter weather combined with warming temperatures has caused flooding throughout the area. Local authorities have declared a state of emergency. In the midst of managing the flooding, a ransomware attack occurs on your facility, making computer systems inoperable.
What is your response?
Discussion questions
• Do you have a COOP (Continuity of Operations Plan) or DRP (Disaster Recovery Plan)?
    o If so, do you carry out an annual simulation to ensure the COOP or DRP is sufficient and running smoothly?
• Do you have an Incident Response Plan (IRP) that specifically details ransomware steps?
    o What steps will you take if restoring from backup is not an option?
    o Does your IRP only take into account the financial implications of a cybersecurity incident, or does it consider the severity of the situation as well?
    o Do you have a plan in place for how to acquire bitcoin?
    o Have you considered that a targeted ransomware attack may require more bitcoin than is easily accessible on the market?
• Do you have a backup for completing Emergency Operations Center (EOC) processes without a computer system?
    o Can you route emergency communications/processes through a neighboring entity?
• Who do you need to notify, and how will you do so?
    o Consider that increased phone traffic may be congesting the lines.
Processes tested: Emergency response
Threat actor: External threat