Share

Chen & Co. Law Firm speaking at a seminar on ransomware at the European Union Chamber of Commerce in China

On 29 August 2017, Galaad Delval, Researcher at Chen & Co. Law Firm, specialized in cybersecurity and data protection law gave a presentation at the European Union Chamber of Commerce in China (EUCCC) covering recent developments of ransomwares and how companies should prepare to protect themselves in their Steps to Protect and Reduce the Impact of Ransomware Attacks.


On 29 August 2017, Galaad Delval, Researcher at Chen & Co. Law Firm, specialized in cybersecurity and data protection law gave a presentation at the European Union Chamber of Commerce in China (EUCCC) covering recent developments of ransomwares and how companies should prepare to protect themselves in their Steps to Protect and Reduce the Impact of Ransomware Attacks during the EUCCC seminar on Privacy and Information Security: Stay Safe from Ransomware and Malware Attacks.

Galaad began with a quick description of ransomware, a type of malware that evolved through the years from a trojan type malware with a computer locker payload to the recent worm type malware with data locker payload, or more commonly known as crypto-ransomware with worm abilities to spread through networks. He explained what this recent evolution in ransomware technology meant for companies as the threat shifted from a localized impact to a global scale impact. He then presented the scope of impacted companies by recent ransomware attacks, a scope that among others, included healthcare, power and utilities, the finance industry or the retail industry.

Following the study on what became ransomware, Galaad discussed with the audience a defensive approach against ransomware and cyber-incidents in general under the form of the Protection, Detection and Correction approach (PDC approach). This PDC approach based on requirements of the Cybersecurity Law promotes the protection against cyber-incidents, including ransomware, at all corporate level, through education and training of employees against modern threats, investment in security and security review, but also through the use of active monitoring to detect threats and protect corporate networks. Finally companies should consider how forensics and impact assessment should be implemented in their corrective approach to ransomware among network and data recovery to have the capability to learn from any suffered attack.

Concluding his presentation, Galaad stressed out the idea that ransomware and cyber-incident became a matter of when and not if. Based on this principle, he recommended companies to adopt the PDC approach, to review and implement their business continuity plan while also ensure that they had the direct, or through third parties, capacities for computer forensic to analyze suffered attack and prevent future iterations.


All News