Chapter 4: Recovery and lessons learned post-ransomware attack

Ransomware Chapter 4

Whether fictional private utility company Vulnerable Electric pays the ransom or not in the aftermath of its cyber incident, the two pathways quickly splinter off in different directions with varied endings, each with important lessons to be learned.

DISCLAIMER:  This case study depicts a fictional cyber incident based on real-life scenarios described by expert interviewees, media reports, and other publicly available resources. While the details surrounding the characters, company, and ransomware attack are imagined, the business concerns and legal issues raised are plausible and based on actual cases.

It is impossible to quantify the comparative costs of the ransomware attack in Vulnerable Electric’s (VE) two parallel universes. According to a chief information security officer (CISO) who wished to remain anonymous, “The ransom payment almost always comes down to the recovery time cost versus ransom payment cost. The secondary factor is the public image or brand damage.”

Although VE’s two pathways start off with the same binary question—pay the ransom or not—the resultant narratives quickly splinter off in different directions with varied endings.

This is members-only premium content

JOIN NOW

If you are already a member, SIGN IN now.