Ransomware Response Policy for Rockhurst University
1. Purpose
To establish guidelines and procedures for responding to ransomware attacks to protect Rockhurst University’s information systems, minimize disruption, and ensure a swift recovery.
2. Scope
This policy applies to all faculty, staff, students, and other stakeholders who use Rockhurst University’s information systems.
3. Policy Statement
Rockhurst University is committed to safeguarding its digital assets and ensuring a rapid and effective response to ransomware incidents to protect sensitive data and maintain operational continuity.
4. Definitions
- Ransomware: Malicious software designed to block access to a computer system or data until a sum of money is paid.
- Incident Command System (ICS): A group of individuals responsible for managing and responding to security incidents.
5. Prevention and Preparedness
- Regular Backups: Ensure regular backups of critical data are performed and securely stored offline.
- Security Training: Conduct regular training sessions on recognizing and avoiding ransomware attacks.
- Software Updates: Keep all systems and software updated with the latest security patches.
- Access Controls: Implement strict access controls to limit access to sensitive information and critical systems.
- Endpoint Protection: Deploy endpoint protection solutions to detect and block ransomware.
6. Detection and Reporting
- Detection Mechanisms: Utilize intrusion detection systems (IDS), antivirus software, and network monitoring tools to identify potential ransomware infections.
- Reporting Procedures:
  - Immediate Reporting: Any suspected ransomware activity must be reported immediately to the ICS via the dedicated hotline or email (ransomware@rockhurst.edu).
  - Incident Reporting Form: Complete the ransomware incident report form available on the university’s intranet.
7. Immediate Response
- Initial Assessment: The ICS will assess the situation to confirm the presence of ransomware and determine its scope.
- Containment Measures:
  - Isolate infected systems from the network to prevent further spread.
  - Disable shared drives and network connections of infected systems.
- Communication: Notify affected users and relevant departments about the ransomware attack and provide instructions.
8. Investigation
- Evidence Collection: Gather all relevant information, including logs, affected files, and screenshots of ransom messages.
- Analysis: Determine the ransomware variant, methods of entry, and systems affected.
- Impact Assessment: Identify the extent of data encryption and potential data loss.
9. Remediation
- System Restoration: Restore infected systems and data from backups where possible.
- Decryption: Explore decryption options if available. Contact cybersecurity experts or law enforcement if necessary.
- Eradication: Remove the ransomware from all affected systems and apply security patches.
10. Communication and Support
- Internal Communication: Keep the university community informed about the ransomware attack status and response efforts.
- External Communication: Performed by campus leadership or the Marketing team.
- Support Services: Provide support services to affected individuals, including data recovery assistance and counseling.
11. Post-Incident Review
- Debriefing Session: Conduct a debriefing session with the ICS to review the incident and response actions.
- Root Cause Analysis: Perform a root cause analysis to understand how the ransomware attack succeeded.
- Policy and Procedure Updates: Update policies, procedures, and training programs based on lessons learned.
12. Continuous Improvement
- Regular Audits: Perform regular security audits to ensure the effectiveness of ransomware prevention and response measures.
- Feedback Collection: Gather feedback from the community to identify areas for improvement and enhance the response process.
13. Compliance and Enforcement
- Adherence to Policy: All university members must adhere to this policy. Failure to do so may result in disciplinary actions as outlined in the university’s code of conduct.
- Legal and Regulatory Compliance: Ensure all response actions comply with relevant legal and regulatory requirements.
14. Review and Revision
This policy will be reviewed annually and updated as necessary to address new threats, incorporate technological advancements, and include community feedback.
Last Review Date: 07/03/2025