As devastating ransomware attacks continue to have far-reaching consequences, companies still try to hide the attacks rather than be transparent. Below we highlight a company’s response to an attack that should be used as a model for all future disclosures.
On May 5th, green energy tech provider Volue suffered a Ryuk ransomware attack that impacted some of their front-end customer platforms.
Since then, Volue has been transparent about the cyberattack by providing webcasts, daily updates, and the email addresses and phone numbers for their CEO and CFO for questions about the attack.
In addition, the company states they have shared all indicators of compromise with KraftCert, a Norwegian Computer Emergency Response Team, to alert other companies and law enforcement.
Volue’s transparency is in stark contrast to the disclosures typically seen in ransomware attacks and should be used as a model for future disclosures.
This transparency has not gone unnoticed by cybersecurity professionals who are commending Volue’s response to the attack.
Volue have a Ryuk ransomware incident, but instead of pretending it’s planned maintenance or saying cyberattack, they have a website set up explaining what is happening, road to recovery, and the CEO’s phone number. https://t.co/LnvXgW1yMv
— Kevin Beaumont (@GossiTheDog) May 17, 2021
Now this is how you handle an incident with an open & honest approach to the situation. @volue_com you have my complete respect. Well done, I hope your recovery is fast & that you will find a silver lining from this experience. Good Luck in what I’m sure will be a bright future. https://t.co/y4JhXs12an pic.twitter.com/QmMw80XZN7
— PeterM (@AltShiftPrtScn) May 17, 2021
Many are comparing Volue’s transparency to that of Norsk Hydro, another Norwegian company that also garnered respect for how it handled a 2019 LockerGoga ransomware attack.
While BleepingComputer would usually cover Volue’s ransomware attack, the company has been so transparent and detailed that we have nothing further to add.
Transparency looks better, not worse
Transparency protects your customers and employees, inspires confidence in your company, and aids law enforcement, yet few companies choose to be transparent.
Instead, almost every ransomware victim first tries to hide an attack out of fear that it could cause reputational or legal harm.
Ultimately, the true nature of the attack is revealed after a malware sample or note is found, or the ransomware gangs publish data stolen during the attack.
Employees of breached companies have told BleepingComputer that their employers denied that an attack had occurred or that data was stolen until the ransomware gangs publicly released the files.
When a victim is not transparent from the beginning, its customers, employees, and business partners are put at greater risk, as they are not given ample warning about what was stolen.
Being transparent also allows breached companies to assist law enforcement in their investigations and prevent further attacks.
Finally, transparency inspires confidence among your employees, customers, and investors that the company is responding correctly to the attack and that there is nothing to worry about.
Companies urged to report ransomware attacks
The FBI has urged victims to report ransomware attacks so that law enforcement can receive fresh IOCs (indicators of compromise) about a ransomware operation.
When an organization is attacked, it is crucial that law enforcement quickly receive the known IP addresses, files, and domains used by the attackers so they can be immediately analyzed and used as part of investigations.
The longer a business waits to provide law enforcement with IOCs, the less useful they become, as the attackers hide their traces or remote sites are shut down.
Why let the ransomware gangs control the narrative when you can control it yourself by being transparent?