top of page
Writer's pictureBrian Gutreuter

Who Do You Call Immediately After Receiving the Ransom Note?

You just saw the ransom note from your IT Director, it is legit, you have a malicious actor in

your system threatening to shut everything down unless you pay them. The immediate actions you take will significantly impact your response to this ransomware incident.


Who do you call first? Law enforcement? Your lawyer? The insurance company? The malicious actor who is demanding a response or else?


Should you call law enforcement first? Not initially. While they are essential, they come into play later.


Should you contact your cyber insurance company first? No, they follow as your second call.


Should you engage with the malicious actor? Never.


Your first call needs to be your attorney.


You want them on the call with you and the insurance company so that everything communicated during the call is protected by attorney-client privilege. Your insurance company, who has done this many times, will help you determine the proper law enforcement agency to contact and evaluate the next steps.


Moving forward, the insurance company will take the lead on communicating with the

malicious actor, they have experts who do this for a living, to make sure you are protected

as much as possible through the process.


It is critical to involve law enforcement at the right time. They possess extensive experience with these incidents and offer invaluable technical insight and assistance during recovery. It's also important that you have your attorney participate in discussions with law enforcement.


Finally, let's consider your attorney. Do they possess experience in managing cybersecurity incidents? If not, it's advisable to retain an attorney with cybersecurity expertise on retainer for this specific moment. Specialized attorneys will provide guidance and protection as you work with your insurance company and law enforcement.


Malicious actors seek access to your valuable data. While your security measures aim to keep them out, in the event a breach occurs, readiness to make the right initial call is essential.

Comments


bottom of page