Suped

What are alternative methods for sending essential communications if our domain is down due to a ransomware attack?

11 Marketer opinions4 Expert opinions4 Technical articles5 Resources

Summary

When a domain is down due to a ransomware attack, a multi-faceted approach to alternative communication is critical. Experts advise against relying on backup domains due to deliverability issues. A key strategy is establishing Out-of-Band (OuB) communication systems that operate independently of the compromised network. Maintain the ability to access ESPs from non-company machines and ensure that this access isn't dependent on compromised local infrastructure. Splitting email volume across multiple sending IPs for disaster recovery is also recommended. Other alternatives include SMS marketing, social media, direct mail (with advance planning), a secondary domain with a separate registrar/provider, leveraging public relations channels, partnering with industry peers for communication, pre-preparing email templates for use with alternative services, leveraging local media and community leaders, maintaining updated employee contact information, and setting up secure, tested off-site backups. A well-defined incident response plan, redundant and geographically diverse communication infrastructure, and thoroughly tested alternative communication channels with trained staff are also crucial.

Key findings

  • Backup Domains Not Recommended: Using backup domains can lead to deliverability issues, particularly with Gmail.
  • Out-of-Band Communication: Implementing separate communication systems independent of the compromised network is crucial.
  • Independent ESP Access: Ensure access to email service providers from non-company machines without reliance on local infrastructure.
  • Multiple Sending IPs: For disaster recovery, distribute email volume across multiple sending IPs.
  • SMS Marketing: Utilize SMS marketing for immediate and personal communication.
  • Social Media: Use social media platforms for broadcasting updates and directing users to other channels.
  • Direct Mail: Consider direct mail as a slower but reliable alternative for critical information.
  • Secondary Domain: Set up a secondary domain with a different registrar as a backup communication channel.
  • Public Relations: Leverage public relations channels for broad communication.
  • Partner Communication: Collaborate with industry partners to disseminate information.
  • Pre-prepared Email Templates: Create email templates in advance for use with alternative sending services.
  • Community Outreach: Leverage relationships with local media and community leaders.
  • Updated Employee Contacts: Maintain updated personal contact information for all employees.
  • Secure Off-site Backups: Keep secure, tested off-site backups of critical data and communication systems.
  • Incident Response Plan: Have a well-defined incident response plan including communication strategies.
  • Redundant Infrastructure: Establish redundant and geographically diverse communication infrastructure.
  • Alternative Communication Channels: Having alternative communication channels clearly defined and tested.

Key considerations

  • Proactive Planning: Advance planning is essential for effective implementation during a ransomware attack.
  • Regular Testing: Regularly test all alternative communication methods and systems.
  • Staff Training: Train staff on the use of alternative communication channels.
  • Channel Accessibility: Ensure easy accessibility to all alternative communication channels.
  • Data Security: Carefully consider security implications for all alternative methods.
  • Channel Testing: Test channels before an incident occurs.

What email marketers say
11Marketer opinions

When a domain is down due to a ransomware attack, alternative communication methods are crucial. These include Out-of-Band communications (separate systems independent of the network), using ESP platforms from non-company machines, SMS marketing, social media, direct mail, secondary domains, public relations channels, partner communication, pre-prepared email templates, leveraging local media and community leaders, and maintaining updated employee contact information.

Key opinions

  • Out-of-Band Comms: Consider implementing completely separate communication systems that are independent of the compromised network.
  • ESP Access: Ensure access to email service provider (ESP) platforms from non-company machines remains possible.
  • SMS Marketing: Utilize SMS marketing for immediate and personal communication of urgent updates.
  • Social Media: Leverage social media platforms for broadcasting updates and directing users to alternative channels.
  • Direct Mail: Plan for direct mail as a reliable but slower alternative, especially for critical information.
  • Secondary Domain: Set up a secondary domain with a different registrar/provider as a backup communication channel.
  • Public Relations: Utilize public relations channels to disseminate important information to a broad audience.
  • Partner Communication: Collaborate with partners and industry peers to use their channels for wider reach.
  • Email Templates: Prepare email templates in advance for quick adaptation and sending via alternative email services.
  • Community Outreach: Utilize relationships with local media and community leaders to disseminate information effectively.
  • Employee Contacts: Maintain updated personal contact information for all employees to facilitate direct communication.

Key considerations

  • Planning: Proactive planning and preparation are essential for effectively implementing alternative communication methods during a ransomware attack.
  • Accessibility: Ensure that all alternative communication channels are easily accessible and that staff are trained on their usage.
  • Testing: Regularly test failover processes and alternative communication systems to ensure they function as expected.
  • Data Security: Consider security implications for alternative communication methods (e.g., SMS, social media) and employee personal contact information.
Marketer view

Email marketer from Mailchimp Resources shares that, while slower, direct mail can be a reliable alternative for reaching customers with critical information, especially if digital channels are compromised. They advise planning for this in advance with pre-printed materials.

October 2021 - Mailchimp Resources
Marketer view

Email marketer from HubSpot Blog explains that using social media platforms like Twitter or Facebook can be effective for broadcasting essential communications during a domain outage. HubSpot suggests posting updates and directing users to alternative communication channels.

July 2023 - HubSpot Blog
Marketer view

Email marketer from Reddit user u/cybersecurityexpert suggests setting up a secondary domain with a different registrar and hosting provider as a backup. This domain can be used for essential communications if the primary domain is compromised. He recommends regularly testing the failover process.

November 2021 - Reddit
Marketer view

Email marketer from StackExchange user 'EmailGuru' advises preparing email templates in advance that can be quickly adapted and sent through an alternative email service if the primary system is unavailable. This ensures that essential communications can be sent without delay.

February 2023 - StackExchange
Marketer view

Marketer from Email Geeks explains that If a company falls victim to a ransomware attack, logging into corporate computers and networks might be impossible. However, campaigns could still be launched from an ESP platform using a non-company machine.

April 2022 - Email Geeks
Marketer view

Email marketer from Neil Patel Blog shares that SMS marketing is a great way to communicate with your audience if your domain is down. Neil explains it is immediate, personal, and effective for urgent updates.

July 2021 - Neil Patel Blog
Marketer view

Marketer from Email Geeks suggests that for essential comms, consider Out of Band (OuB) comms, which involves a completely separate staff comms system that can operate independently of your network/domain.

April 2022 - Email Geeks
Marketer view

Email marketer from Quora user John Smith suggests leveraging a public relations channel to disseminate important information to the public. This can be particularly useful for larger organizations that need to communicate with a broad audience.

January 2022 - Quora
Marketer view

Email marketer from Business News Daily explains it's important to maintain updated personal contact information for all employees, including phone numbers and personal email addresses. They advise this allows for direct communication during a ransomware attack when corporate systems are inaccessible.

March 2022 - Business News Daily
Marketer view

Email marketer from LinkedIn user Jane Doe suggests collaborating with partners or industry peers to disseminate information through their communication channels. This can help reach a wider audience and ensure that important messages are delivered even if your own systems are compromised.

November 2021 - LinkedIn
Marketer view

Email marketer from Digital Agency Today shares that leveraging relationships with local media outlets and community leaders can help disseminate essential information during a crisis. Digital Agency Today explains these relationships can provide an avenue for reaching a broad audience quickly and efficiently.

April 2024 - Digital Agency Today

What the experts say
4Expert opinions

When a domain is down due to a ransomware attack, experts suggest carefully planning alternative communication methods. Backup domains are generally not recommended due to deliverability issues. For disaster recovery, split email volume across multiple sending IPs. Ensure ESP access isn't dependent on compromised local infrastructure. Define and test alternative communication channels, and train staff on their use.

Key opinions

  • Backup Domains Not Ideal: Using backup domains is discouraged due to deliverability problems, especially with Gmail.
  • Split Sending IPs: For disaster recovery, distribute email volume across multiple sending IPs.
  • Independent ESP Access: Ensure access to your ESP is not reliant on your local infrastructure, such as single sign-on, to maintain access during a ransomware event.
  • Pre-defined Communication Channels: Alternative communication channels must be clearly defined and tested *before* an incident occurs, with staff training provided.

Key considerations

  • Disaster Recovery Planning: A comprehensive disaster recovery plan is crucial for maintaining communication during a ransomware attack.
  • Channel Accessibility: Ensure alternative communication channels are easily accessible to all staff.
  • Training: Staff training on alternative communication channels is essential for effective implementation.
  • Testing: Regular testing of alternative communication methods is necessary to ensure functionality.
Expert view

Expert from Word to the Wise highlights the importance of having alternative communication channels clearly defined and tested *before* an incident occurs. This includes ensuring staff are trained on their usage and that the channels are easily accessible, like a dedicated phone line or messaging app.

October 2024 - Word to the Wise
Expert view

Expert from Email Geeks advises making sure access to the ESP isn't dependent on the local infrastructure (like single-sign-on) after a ransomware attack.

June 2021 - Email Geeks
Expert view

Expert from Email Geeks shares that backup domains are not a great solution. Al explains that domain sharing isn't best practice anymore. Shared domains have issues with monitoring and preventing problems leading to Gmail issues. Even if a domain is warm, it's not warm with *your* mail, and delivery might not be acceptable.

May 2022 - Email Geeks
Expert view

Expert from Email Geeks advises that best practice disaster recovery (DR) for email streams is to split volume across at least 2 sending IPs.

October 2022 - Email Geeks

What the documentation says
4Technical articles

In the event of a ransomware attack that brings down a domain, documentation from NIST, CISA, SANS Institute, and The Cyber Peace Institute emphasize proactive measures for maintaining essential communications. These include secure, off-site backups, a well-defined incident response plan with alternative strategies, establishing out-of-band communication channels, and implementing redundant, geographically diverse infrastructure.

Key findings

  • Secure Off-Site Backups: Maintaining secure, regularly tested, and isolated off-site backups of critical data and communication systems is crucial.
  • Incident Response Plan: A well-defined incident response plan must include alternative communication strategies.
  • Out-of-Band Communication: Establishing out-of-band communication channels, like dedicated phone lines or secure messaging apps, is essential for internal communication.
  • Redundant Infrastructure: Creating redundant and geographically diverse communication infrastructure enhances resilience against localized outages.

Key considerations

  • Backup Security: Ensure backups are isolated from the primary network to prevent ransomware from spreading to them.
  • Third-Party Platforms: Consider using third-party communication platforms to ensure communication capabilities are maintained.
  • Employee Access: Plan for scenarios where employees can still stay informed even if corporate systems are down.
  • Infrastructure Diversity: Implement multiple internet service providers and host email servers in different geographic locations to minimize disruptions.
Technical article

Documentation from CISA recommends having a well-defined incident response plan that includes alternative communication strategies. The plan should outline how to communicate with employees, customers, and stakeholders if the primary communication channels are unavailable. Consider using a third-party communication platform.

June 2022 - CISA
Technical article

Documentation from The Cyber Peace Institute advises establishing redundant and geographically diverse communication infrastructure to ensure resilience. The Cyber Peace Institute says that this includes using multiple internet service providers and hosting email servers in different locations to minimize the impact of localized outages.

May 2024 - Cyber Peace Institute
Technical article

Documentation from NIST explains that maintaining secure, off-site backups of critical data and communication systems is essential. NIST advises that these backups should be regularly tested and isolated from the primary network to prevent ransomware from spreading to them.

August 2023 - NIST
Technical article

Documentation from SANS Institute recommends establishing out-of-band communication channels, such as a dedicated phone line or a secure messaging app on personal devices, to communicate internally during a cyber incident. This ensures that employees can stay informed even if corporate systems are down.

December 2024 - SANS Institute

Related resources
5Resources

I've Been Hit By Ransomware! | CISA
I've Been Hit By Ransomware! | CISA

The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends responding to ransomware by using the following checklist provided in a Joint CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) Ransomware Guide. This information will take you through the response process from detection to containment and eradication. Be sure to move through the first three steps in sequence

Cybersecurity and Infrastructure Security Agency CISA
8 Common Types of Cyber Attack Vectors and How to Avoid Them ...
8 Common Types of Cyber Attack Vectors and How to Avoid Them ...

Explore the most common cyber attack vectors, including compromised credentials and zero-day vulnerabilities, and learn proven strategies to improve your organization’s cybersecurity posture.

Balbix
12 Most Common Types of Cyberattacks
12 Most Common Types of Cyberattacks

Cyberattacks can target a wide range of victims from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

CrowdStrike.com
5 Ways to Detect a Phishing Email: With Examples
5 Ways to Detect a Phishing Email: With Examples

Phishing is becoming more sophisticated. But how can you tell whether an email is legitimate or a phishing attempt? Here are five signs.

IT Governance Blog
Ransomware Attack - What is it and How Does it Work? - Check ...
Ransomware Attack - What is it and How Does it Work? - Check ...

What is ransomware and how it works? Learn how to Protect From and Prevent Ransomware attacks.

Check Point Software

Related questions