Summary
When a domain is down due to a ransomware attack, a multi-faceted approach to alternative communication is critical. Experts advise against relying on backup domains due to deliverability issues. A key strategy is establishing Out-of-Band (OuB) communication systems that operate independently of the compromised network. Maintain the ability to access ESPs from non-company machines and ensure that this access isn't dependent on compromised local infrastructure. Splitting email volume across multiple sending IPs for disaster recovery is also recommended. Other alternatives include SMS marketing, social media, direct mail (with advance planning), a secondary domain with a separate registrar/provider, leveraging public relations channels, partnering with industry peers for communication, pre-preparing email templates for use with alternative services, leveraging local media and community leaders, maintaining updated employee contact information, and setting up secure, tested off-site backups. A well-defined incident response plan, redundant and geographically diverse communication infrastructure, and thoroughly tested alternative communication channels with trained staff are also crucial.
Key findings
- Backup Domains Not Recommended: Using backup domains can lead to deliverability issues, particularly with Gmail.
- Out-of-Band Communication: Implementing separate communication systems independent of the compromised network is crucial.
- Independent ESP Access: Ensure access to email service providers from non-company machines without reliance on local infrastructure.
- Multiple Sending IPs: For disaster recovery, distribute email volume across multiple sending IPs.
- SMS Marketing: Utilize SMS marketing for immediate and personal communication.
- Social Media: Use social media platforms for broadcasting updates and directing users to other channels.
- Direct Mail: Consider direct mail as a slower but reliable alternative for critical information.
- Secondary Domain: Set up a secondary domain with a different registrar as a backup communication channel.
- Public Relations: Leverage public relations channels for broad communication.
- Partner Communication: Collaborate with industry partners to disseminate information.
- Pre-prepared Email Templates: Create email templates in advance for use with alternative sending services.
- Community Outreach: Leverage relationships with local media and community leaders.
- Updated Employee Contacts: Maintain updated personal contact information for all employees.
- Secure Off-site Backups: Keep secure, tested off-site backups of critical data and communication systems.
- Incident Response Plan: Have a well-defined incident response plan including communication strategies.
- Redundant Infrastructure: Establish redundant and geographically diverse communication infrastructure.
- Alternative Communication Channels: Having alternative communication channels clearly defined and tested.
Key considerations
- Proactive Planning: Advance planning is essential for effective implementation during a ransomware attack.
- Regular Testing: Regularly test all alternative communication methods and systems.
- Staff Training: Train staff on the use of alternative communication channels.
- Channel Accessibility: Ensure easy accessibility to all alternative communication channels.
- Data Security: Carefully consider security implications for all alternative methods.
- Channel Testing: Test channels before an incident occurs.
What email marketers say
11 marketer opinions
When a domain is down due to a ransomware attack, alternative communication methods are crucial. These include Out-of-Band communications (separate systems independent of the network), using ESP platforms from non-company machines, SMS marketing, social media, direct mail, secondary domains, public relations channels, partner communication, pre-prepared email templates, leveraging local media and community leaders, and maintaining updated employee contact information.
Key opinions
- Out-of-Band Comms: Consider implementing completely separate communication systems that are independent of the compromised network.
- ESP Access: Ensure access to email service provider (ESP) platforms from non-company machines remains possible.
- SMS Marketing: Utilize SMS marketing for immediate and personal communication of urgent updates.
- Social Media: Leverage social media platforms for broadcasting updates and directing users to alternative channels.
- Direct Mail: Plan for direct mail as a reliable but slower alternative, especially for critical information.
- Secondary Domain: Set up a secondary domain with a different registrar/provider as a backup communication channel.
- Public Relations: Utilize public relations channels to disseminate important information to a broad audience.
- Partner Communication: Collaborate with partners and industry peers to use their channels for wider reach.
- Email Templates: Prepare email templates in advance for quick adaptation and sending via alternative email services.
- Community Outreach: Utilize relationships with local media and community leaders to disseminate information effectively.
- Employee Contacts: Maintain updated personal contact information for all employees to facilitate direct communication.
Key considerations
- Planning: Proactive planning and preparation are essential for effectively implementing alternative communication methods during a ransomware attack.
- Accessibility: Ensure that all alternative communication channels are easily accessible and that staff are trained on their usage.
- Testing: Regularly test failover processes and alternative communication systems to ensure they function as expected.
- Data Security: Consider security implications for alternative communication methods (e.g., SMS, social media) and employee personal contact information.
Marketer view
Email marketer from Mailchimp Resources shares that, while slower, direct mail can be a reliable alternative for reaching customers with critical information, especially if digital channels are compromised. They advise planning for this in advance with pre-printed materials.
22 May 2024 - Mailchimp Resources
Marketer view
Email marketer from HubSpot Blog explains that using social media platforms like Twitter or Facebook can be effective for broadcasting essential communications during a domain outage. HubSpot suggests posting updates and directing users to alternative communication channels.
31 Dec 2023 - HubSpot Blog
What the experts say
4 expert opinions
When a domain is down due to a ransomware attack, experts suggest carefully planning alternative communication methods. Backup domains are generally not recommended due to deliverability issues. For disaster recovery, split email volume across multiple sending IPs. Ensure ESP access isn't dependent on compromised local infrastructure. Define and test alternative communication channels, and train staff on their use.
Key opinions
- Backup Domains Not Ideal: Using backup domains is discouraged due to deliverability problems, especially with Gmail.
- Split Sending IPs: For disaster recovery, distribute email volume across multiple sending IPs.
- Independent ESP Access: Ensure access to your ESP is not reliant on your local infrastructure, such as single sign-on, to maintain access during a ransomware event.
- Pre-defined Communication Channels: Alternative communication channels must be clearly defined and tested *before* an incident occurs, with staff training provided.
Key considerations
- Disaster Recovery Planning: A comprehensive disaster recovery plan is crucial for maintaining communication during a ransomware attack.
- Channel Accessibility: Ensure alternative communication channels are easily accessible to all staff.
- Training: Staff training on alternative communication channels is essential for effective implementation.
- Testing: Regular testing of alternative communication methods is necessary to ensure functionality.
Expert view
Expert from Word to the Wise highlights the importance of having alternative communication channels clearly defined and tested *before* an incident occurs. This includes ensuring staff are trained on their usage and that the channels are easily accessible, like a dedicated phone line or messaging app.
10 Apr 2023 - Word to the Wise
Expert view
Expert from Email Geeks advises making sure access to the ESP isn't dependent on the local infrastructure (like single-sign-on) after a ransomware attack.
21 Aug 2024 - Email Geeks
What the documentation says
4 technical articles
In the event of a ransomware attack that brings down a domain, documentation from NIST, CISA, SANS Institute, and The Cyber Peace Institute emphasize proactive measures for maintaining essential communications. These include secure, off-site backups, a well-defined incident response plan with alternative strategies, establishing out-of-band communication channels, and implementing redundant, geographically diverse infrastructure.
Key findings
- Secure Off-Site Backups: Maintaining secure, regularly tested, and isolated off-site backups of critical data and communication systems is crucial.
- Incident Response Plan: A well-defined incident response plan must include alternative communication strategies.
- Out-of-Band Communication: Establishing out-of-band communication channels, like dedicated phone lines or secure messaging apps, is essential for internal communication.
- Redundant Infrastructure: Creating redundant and geographically diverse communication infrastructure enhances resilience against localized outages.
Key considerations
- Backup Security: Ensure backups are isolated from the primary network to prevent ransomware from spreading to them.
- Third-Party Platforms: Consider using third-party communication platforms to ensure communication capabilities are maintained.
- Employee Access: Plan for scenarios where employees can still stay informed even if corporate systems are down.
- Infrastructure Diversity: Implement multiple internet service providers and host email servers in different geographic locations to minimize disruptions.
Technical article
Documentation from CISA recommends having a well-defined incident response plan that includes alternative communication strategies. The plan should outline how to communicate with employees, customers, and stakeholders if the primary communication channels are unavailable. Consider using a third-party communication platform.
2 Mar 2024 - CISA
Technical article
Documentation from The Cyber Peace Institute advises establishing redundant and geographically diverse communication infrastructure to ensure resilience. The Cyber Peace Institute says that this includes using multiple internet service providers and hosting email servers in different locations to minimize the impact of localized outages.
12 Apr 2024 - Cyber Peace Institute
Do I need DMARC for transactional emails from a small website, and what are the best low-cost alternatives for sending emails if my IP is blocked?
How can I intentionally deliver emails to the spam folder?
How can I prevent my domain from being blacklisted due to an infected employee's computer or scraping contact information?
How can I protect my domain from being spoofed and blacklisted?
How can I recover my domain's reputation after a spam attack blocked it on Gmail?
